[
https://issues.apache.org/jira/browse/CAMEL-6865?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13954892#comment-13954892
]
daniel carter commented on CAMEL-6865:
--------------------------------------
Also if we keep the default of passing all exchange headers on HTTP, this
should be *very* clearly documented, as the consequences could be severe. In
our case it was exposing sensitive data over HTTP to 3rd parties.
> Investigate if CXF RS component can make in HTTP headers not visible to the
> rest of the route
> ---------------------------------------------------------------------------------------------
>
> Key: CAMEL-6865
> URL: https://issues.apache.org/jira/browse/CAMEL-6865
> Project: Camel
> Issue Type: Improvement
> Components: camel-cxf
> Affects Versions: 2.12.1
> Reporter: Sergey Beryozkin
> Priority: Minor
>
> According to the user reports, CXF RS component can make the incoming HTTP
> headers visible to the components which follow it, IMHO by default such
> headers should only be visible to CXF endpoint.
> Check if it is realistic to do it.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
