[
https://issues.apache.org/jira/browse/CAMEL-23527?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18084348#comment-18084348
]
Andrea Cosentino commented on CAMEL-23527:
------------------------------------------
Go ahead please, I would go with point B.
> API-based component docs: link to security-model header-filtering guidance
> --------------------------------------------------------------------------
>
> Key: CAMEL-23527
> URL: https://issues.apache.org/jira/browse/CAMEL-23527
> Project: Camel
> Issue Type: Improvement
> Components: documentation
> Reporter: Andrea Cosentino
> Priority: Minor
>
> The API-based components (camel-fhir, camel-box, camel-twilio,
> camel-google-*, etc.) let a route override per-call parameters via prefixed
> exchange headers (e.g. CamelFhir.*). This is documented, intentional
> framework behavior, but the individual component documentation pages do not
> cross-reference the existing guidance in the security model about filtering
> Camel-internal headers from untrusted producers.
>
> Proposed change: add a brief paragraph (or an xref:) to the API-component
> documentation template linking to the "Strip Camel-internal headers at the
> trust boundary" section of
> docs/user-manual/modules/ROOT/pages/security-model.adoc.
>
> This is a pure documentation/consistency change spanning the API-based
> components; no code change is required.
>
> _Filed by Claude Code on behalf of Andrea Cosentino._