This is an automated email from the ASF dual-hosted git repository.
davsclaus pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push:
new 77653d0644b CAMEL-20620: camel-platform-http-vertx - Path parameters
should not leak back to calling client (#13648)
77653d0644b is described below
commit 77653d0644b1ff75816b870042f0c38dcc79a6ec
Author: Claus Ibsen <[email protected]>
AuthorDate: Fri Mar 29 08:34:38 2024 +0100
CAMEL-20620: camel-platform-http-vertx - Path parameters should not leak
back to calling client (#13648)
---
.../platform/http/vertx/VertxPlatformHttpSupport.java | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git
a/components/camel-platform-http-vertx/src/main/java/org/apache/camel/component/platform/http/vertx/VertxPlatformHttpSupport.java
b/components/camel-platform-http-vertx/src/main/java/org/apache/camel/component/platform/http/vertx/VertxPlatformHttpSupport.java
index 9230343a36e..887064f6ddf 100644
---
a/components/camel-platform-http-vertx/src/main/java/org/apache/camel/component/platform/http/vertx/VertxPlatformHttpSupport.java
+++
b/components/camel-platform-http-vertx/src/main/java/org/apache/camel/component/platform/http/vertx/VertxPlatformHttpSupport.java
@@ -66,16 +66,17 @@ public final class VertxPlatformHttpSupport {
}
static Object toHttpResponse(
- HttpServerResponse response, Message message, HeaderFilterStrategy
headerFilterStrategy,
+ RoutingContext ctx, Message message, HeaderFilterStrategy
headerFilterStrategy,
boolean muteExceptions) {
final Exchange exchange = message.getExchange();
+ HttpServerResponse response = ctx.response();
final int code = determineResponseCode(exchange, message.getBody());
response.setStatusCode(code);
// copy headers from Message to Response
if (headerFilterStrategy != null) {
- copyMessageHeadersToResponse(response, message,
headerFilterStrategy, exchange);
+ copyMessageHeadersToResponse(response, ctx.pathParams(), message,
headerFilterStrategy, exchange);
}
final Object body = getBody(message, muteExceptions, exchange);
@@ -130,11 +131,18 @@ public final class VertxPlatformHttpSupport {
}
private static void copyMessageHeadersToResponse(
- HttpServerResponse response, Message message, HeaderFilterStrategy
headerFilterStrategy, Exchange exchange) {
+ HttpServerResponse response, Map<String, String> pathParams,
+ Message message, HeaderFilterStrategy headerFilterStrategy,
Exchange exchange) {
final TypeConverter tc = exchange.getContext().getTypeConverter();
for (Map.Entry<String, Object> entry :
message.getHeaders().entrySet()) {
final String key = entry.getKey();
+
+ // skip headers that are path-params as we do not want to leak
them back to the caller
+ if (pathParams.containsKey(key)) {
+ continue;
+ }
+
final Object value = entry.getValue();
// use an iterator as there can be multiple values. (must not use
a delimiter)
final Iterator<?> it = ObjectHelper.createIterator(value, null,
true);
@@ -170,7 +178,7 @@ public final class VertxPlatformHttpSupport {
static Future<Void> writeResponse(
RoutingContext ctx, Exchange camelExchange, HeaderFilterStrategy
headerFilterStrategy, boolean muteExceptions) {
- final Object body = toHttpResponse(ctx.response(),
camelExchange.getMessage(), headerFilterStrategy, muteExceptions);
+ final Object body = toHttpResponse(ctx, camelExchange.getMessage(),
headerFilterStrategy, muteExceptions);
final Promise<Void> promise = Promise.promise();
if (body == null) {
