Andrea Cosentino created CAMEL-23891:
----------------------------------------
Summary: camel-mail: apply inbound Camel* header filtering in
MimeMultipartDataFormat unmarshal (headersInline=true), consistent with the
mail consumer
Key: CAMEL-23891
URL: https://issues.apache.org/jira/browse/CAMEL-23891
Project: Camel
Issue Type: Improvement
Components: camel-mail
Reporter: Andrea Cosentino
Assignee: Andrea Cosentino
Fix For: 4.22.0, 4.18.3, 4.14.8
When {{MimeMultipartDataFormat}} unmarshals a MIME message with
{{headersInline=true}}, {{copyNonStandardHeaders()}} copies every MIME header
(except {{Message-ID}}, {{MIME-Version}} and {{Content-Type}}) directly into
the Camel message header map via {{Message.setHeader(...)}}, with no
{{HeaderFilterStrategy}} applied. As a result, MIME header names in Camel's
internal {{Camel*}} / {{org.apache.camel.*}} namespace are promoted into the
{{Exchange}} as-is.
This is inconsistent with:
* the camel-mail _consumer_ path, which applies {{MailHeaderFilterStrategy}}
(extends {{DefaultHeaderFilterStrategy}}) and filters the {{Camel*}} /
{{org.apache.camel.*}} namespace case-insensitively on the inbound direction;
* the data format's own _marshal_ path, where inline headers are copied only
when they match an explicit {{includeHeaders}} pattern (opt-in), whereas the
unmarshal path copies everything;
* the general convention that inbound mappers apply a strict, case-insensitive
{{HeaderFilterStrategy}} for the {{Camel*}} namespace.
h4. Proposed change
* In {{copyNonStandardHeaders(...)}} (and, for consistency, the
attachment-header copy in {{extractAttachments(...)}}), skip header names in
the {{Camel*}} / {{org.apache.camel.*}} namespace, matched case-insensitively
-- e.g. by delegating to
{{DefaultHeaderFilterStrategy.applyFilterToExternalHeaders(...)}} rather than
re-implementing prefix checks.
* Optionally expose a configurable {{HeaderFilterStrategy}} on the data format
(defaulting to the strict behaviour) so a route author who genuinely needs such
headers can opt in explicitly, preserving backwards compatibility where
required.
* Add unit tests: (a) an inbound {{Camel*}} MIME header is not promoted by
default; (b) ordinary application headers (e.g. {{X-...}}) still pass through;
(c) case-insensitive matching ({{camelXxx}}, {{CAMELXxx}}).
h4. Affected files
*
{{components/camel-mail/src/main/java/org/apache/camel/dataformat/mime/multipart/MimeMultipartDataFormat.java}}
* tests under {{components/camel-mail/src/test/java/...}}
h4. Documentation
Note the behaviour change in the camel-mail data format docs and the 4.x
upgrade guide: default-deny of inbound {{Camel*}} headers on
{{headersInline=true}} unmarshal is a potential behaviour change for routes
relying on the prior pass-through.
h4. Backport
The code is identical on {{main}}, {{camel-4.18.x}} and {{camel-4.14.x}}
(present since 2.17.0). To be backported to the active maintenance lines
(4.18.3 and 4.14.8). The freshly-cut {{camel-4.21.x}} line is also affected; a
4.21.1 backport should be included if that line receives a maintenance release.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)