Andrea Cosentino created CAMEL-23891:
----------------------------------------

             Summary: camel-mail: apply inbound Camel* header filtering in 
MimeMultipartDataFormat unmarshal (headersInline=true), consistent with the 
mail consumer
                 Key: CAMEL-23891
                 URL: https://issues.apache.org/jira/browse/CAMEL-23891
             Project: Camel
          Issue Type: Improvement
          Components: camel-mail
            Reporter: Andrea Cosentino
            Assignee: Andrea Cosentino
             Fix For: 4.22.0, 4.18.3, 4.14.8


When {{MimeMultipartDataFormat}} unmarshals a MIME message with 
{{headersInline=true}}, {{copyNonStandardHeaders()}} copies every MIME header 
(except {{Message-ID}}, {{MIME-Version}} and {{Content-Type}}) directly into 
the Camel message header map via {{Message.setHeader(...)}}, with no 
{{HeaderFilterStrategy}} applied. As a result, MIME header names in Camel's 
internal {{Camel*}} / {{org.apache.camel.*}} namespace are promoted into the 
{{Exchange}} as-is.

This is inconsistent with:
* the camel-mail _consumer_ path, which applies {{MailHeaderFilterStrategy}} 
(extends {{DefaultHeaderFilterStrategy}}) and filters the {{Camel*}} / 
{{org.apache.camel.*}} namespace case-insensitively on the inbound direction;
* the data format's own _marshal_ path, where inline headers are copied only 
when they match an explicit {{includeHeaders}} pattern (opt-in), whereas the 
unmarshal path copies everything;
* the general convention that inbound mappers apply a strict, case-insensitive 
{{HeaderFilterStrategy}} for the {{Camel*}} namespace.

h4. Proposed change
* In {{copyNonStandardHeaders(...)}} (and, for consistency, the 
attachment-header copy in {{extractAttachments(...)}}), skip header names in 
the {{Camel*}} / {{org.apache.camel.*}} namespace, matched case-insensitively 
-- e.g. by delegating to 
{{DefaultHeaderFilterStrategy.applyFilterToExternalHeaders(...)}} rather than 
re-implementing prefix checks.
* Optionally expose a configurable {{HeaderFilterStrategy}} on the data format 
(defaulting to the strict behaviour) so a route author who genuinely needs such 
headers can opt in explicitly, preserving backwards compatibility where 
required.
* Add unit tests: (a) an inbound {{Camel*}} MIME header is not promoted by 
default; (b) ordinary application headers (e.g. {{X-...}}) still pass through; 
(c) case-insensitive matching ({{camelXxx}}, {{CAMELXxx}}).

h4. Affected files
* 
{{components/camel-mail/src/main/java/org/apache/camel/dataformat/mime/multipart/MimeMultipartDataFormat.java}}
* tests under {{components/camel-mail/src/test/java/...}}

h4. Documentation
Note the behaviour change in the camel-mail data format docs and the 4.x 
upgrade guide: default-deny of inbound {{Camel*}} headers on 
{{headersInline=true}} unmarshal is a potential behaviour change for routes 
relying on the prior pass-through.

h4. Backport
The code is identical on {{main}}, {{camel-4.18.x}} and {{camel-4.14.x}} 
(present since 2.17.0). To be backported to the active maintenance lines 
(4.18.3 and 4.14.8). The freshly-cut {{camel-4.21.x}} line is also affected; a 
4.21.1 backport should be included if that line receives a maintenance release.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to