[
https://issues.apache.org/jira/browse/CAMEL-23891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andrea Cosentino updated CAMEL-23891:
-------------------------------------
Fix Version/s: 4.14.9
4.18.4
(was: 4.18.3)
(was: 4.14.8)
Description:
When {{MimeMultipartDataFormat}} unmarshals a MIME message with
{{headersInline=true}}, {{copyNonStandardHeaders()}} copies every MIME header
(except {{Message-ID}}, {{MIME-Version}} and {{Content-Type}}) directly into
the Camel message header map via {{Message.setHeader(...)}}, with no
{{HeaderFilterStrategy}} applied. As a result, MIME header names in Camel's
internal {{Camel*}} / {{org.apache.camel.*}} namespace are promoted into the
{{Exchange}} as-is.
This is inconsistent with:
* the camel-mail _consumer_ path, which applies {{MailHeaderFilterStrategy}}
(extends {{DefaultHeaderFilterStrategy}}) and filters the {{Camel*}} /
{{org.apache.camel.*}} namespace case-insensitively on the inbound direction;
* the data format's own _marshal_ path, where inline headers are copied only
when they match an explicit {{includeHeaders}} pattern (opt-in), whereas the
unmarshal path copies everything;
* the general convention that inbound mappers apply a strict, case-insensitive
{{HeaderFilterStrategy}} for the {{Camel*}} namespace.
h4. Proposed change
* In {{copyNonStandardHeaders(...)}} (and, for consistency, the
attachment-header copy in {{extractAttachments(...)}}), skip header names in
the {{Camel*}} / {{org.apache.camel.*}} namespace, matched case-insensitively
-- e.g. by delegating to
{{DefaultHeaderFilterStrategy.applyFilterToExternalHeaders(...)}} rather than
re-implementing prefix checks.
* Optionally expose a configurable {{HeaderFilterStrategy}} on the data format
(defaulting to the strict behaviour) so a route author who genuinely needs such
headers can opt in explicitly, preserving backwards compatibility where
required.
* Add unit tests: (a) an inbound {{Camel*}} MIME header is not promoted by
default; (b) ordinary application headers (e.g. {{X-...}}) still pass through;
(c) case-insensitive matching ({{camelXxx}}, {{CAMELXxx}}).
h4. Affected files
*
{{components/camel-mail/src/main/java/org/apache/camel/dataformat/mime/multipart/MimeMultipartDataFormat.java}}
* tests under {{components/camel-mail/src/test/java/...}}
h4. Documentation
Note the behaviour change in the camel-mail data format docs and the 4.x
upgrade guide: default-deny of inbound {{Camel*}} headers on
{{headersInline=true}} unmarshal is a potential behaviour change for routes
relying on the prior pass-through.
h4. Backport
The code is identical on {{main}}, {{camel-4.18.x}} and {{camel-4.14.x}}
(present since 2.17.0). To be backported to the active maintenance lines
(4.18.4 and 4.14.9). The freshly-cut {{camel-4.21.x}} line is also affected; a
4.21.1 backport should be included if that line receives a maintenance release.
was:
When {{MimeMultipartDataFormat}} unmarshals a MIME message with
{{headersInline=true}}, {{copyNonStandardHeaders()}} copies every MIME header
(except {{Message-ID}}, {{MIME-Version}} and {{Content-Type}}) directly into
the Camel message header map via {{Message.setHeader(...)}}, with no
{{HeaderFilterStrategy}} applied. As a result, MIME header names in Camel's
internal {{Camel*}} / {{org.apache.camel.*}} namespace are promoted into the
{{Exchange}} as-is.
This is inconsistent with:
* the camel-mail _consumer_ path, which applies {{MailHeaderFilterStrategy}}
(extends {{DefaultHeaderFilterStrategy}}) and filters the {{Camel*}} /
{{org.apache.camel.*}} namespace case-insensitively on the inbound direction;
* the data format's own _marshal_ path, where inline headers are copied only
when they match an explicit {{includeHeaders}} pattern (opt-in), whereas the
unmarshal path copies everything;
* the general convention that inbound mappers apply a strict, case-insensitive
{{HeaderFilterStrategy}} for the {{Camel*}} namespace.
h4. Proposed change
* In {{copyNonStandardHeaders(...)}} (and, for consistency, the
attachment-header copy in {{extractAttachments(...)}}), skip header names in
the {{Camel*}} / {{org.apache.camel.*}} namespace, matched case-insensitively
-- e.g. by delegating to
{{DefaultHeaderFilterStrategy.applyFilterToExternalHeaders(...)}} rather than
re-implementing prefix checks.
* Optionally expose a configurable {{HeaderFilterStrategy}} on the data format
(defaulting to the strict behaviour) so a route author who genuinely needs such
headers can opt in explicitly, preserving backwards compatibility where
required.
* Add unit tests: (a) an inbound {{Camel*}} MIME header is not promoted by
default; (b) ordinary application headers (e.g. {{X-...}}) still pass through;
(c) case-insensitive matching ({{camelXxx}}, {{CAMELXxx}}).
h4. Affected files
*
{{components/camel-mail/src/main/java/org/apache/camel/dataformat/mime/multipart/MimeMultipartDataFormat.java}}
* tests under {{components/camel-mail/src/test/java/...}}
h4. Documentation
Note the behaviour change in the camel-mail data format docs and the 4.x
upgrade guide: default-deny of inbound {{Camel*}} headers on
{{headersInline=true}} unmarshal is a potential behaviour change for routes
relying on the prior pass-through.
h4. Backport
The code is identical on {{main}}, {{camel-4.18.x}} and {{camel-4.14.x}}
(present since 2.17.0). To be backported to the active maintenance lines
(4.18.3 and 4.14.8). The freshly-cut {{camel-4.21.x}} line is also affected; a
4.21.1 backport should be included if that line receives a maintenance release.
> camel-mail: apply inbound Camel* header filtering in MimeMultipartDataFormat
> unmarshal (headersInline=true), consistent with the mail consumer
> ----------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: CAMEL-23891
> URL: https://issues.apache.org/jira/browse/CAMEL-23891
> Project: Camel
> Issue Type: Improvement
> Components: camel-mail
> Reporter: Andrea Cosentino
> Assignee: Andrea Cosentino
> Priority: Major
> Fix For: 4.14.9, 4.18.4, 4.22.0
>
>
> When {{MimeMultipartDataFormat}} unmarshals a MIME message with
> {{headersInline=true}}, {{copyNonStandardHeaders()}} copies every MIME header
> (except {{Message-ID}}, {{MIME-Version}} and {{Content-Type}}) directly into
> the Camel message header map via {{Message.setHeader(...)}}, with no
> {{HeaderFilterStrategy}} applied. As a result, MIME header names in Camel's
> internal {{Camel*}} / {{org.apache.camel.*}} namespace are promoted into the
> {{Exchange}} as-is.
> This is inconsistent with:
> * the camel-mail _consumer_ path, which applies {{MailHeaderFilterStrategy}}
> (extends {{DefaultHeaderFilterStrategy}}) and filters the {{Camel*}} /
> {{org.apache.camel.*}} namespace case-insensitively on the inbound direction;
> * the data format's own _marshal_ path, where inline headers are copied only
> when they match an explicit {{includeHeaders}} pattern (opt-in), whereas the
> unmarshal path copies everything;
> * the general convention that inbound mappers apply a strict,
> case-insensitive {{HeaderFilterStrategy}} for the {{Camel*}} namespace.
> h4. Proposed change
> * In {{copyNonStandardHeaders(...)}} (and, for consistency, the
> attachment-header copy in {{extractAttachments(...)}}), skip header names in
> the {{Camel*}} / {{org.apache.camel.*}} namespace, matched case-insensitively
> -- e.g. by delegating to
> {{DefaultHeaderFilterStrategy.applyFilterToExternalHeaders(...)}} rather than
> re-implementing prefix checks.
> * Optionally expose a configurable {{HeaderFilterStrategy}} on the data
> format (defaulting to the strict behaviour) so a route author who genuinely
> needs such headers can opt in explicitly, preserving backwards compatibility
> where required.
> * Add unit tests: (a) an inbound {{Camel*}} MIME header is not promoted by
> default; (b) ordinary application headers (e.g. {{X-...}}) still pass
> through; (c) case-insensitive matching ({{camelXxx}}, {{CAMELXxx}}).
> h4. Affected files
> *
> {{components/camel-mail/src/main/java/org/apache/camel/dataformat/mime/multipart/MimeMultipartDataFormat.java}}
> * tests under {{components/camel-mail/src/test/java/...}}
> h4. Documentation
> Note the behaviour change in the camel-mail data format docs and the 4.x
> upgrade guide: default-deny of inbound {{Camel*}} headers on
> {{headersInline=true}} unmarshal is a potential behaviour change for routes
> relying on the prior pass-through.
> h4. Backport
> The code is identical on {{main}}, {{camel-4.18.x}} and {{camel-4.14.x}}
> (present since 2.17.0). To be backported to the active maintenance lines
> (4.18.4 and 4.14.9). The freshly-cut {{camel-4.21.x}} line is also affected;
> a 4.21.1 backport should be included if that line receives a maintenance
> release.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)