[
https://issues.apache.org/jira/browse/CAMEL-8625?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15470860#comment-15470860
]
Wouter Blancquaert edited comment on CAMEL-8625 at 9/7/16 3:04 PM:
-------------------------------------------------------------------
Hi,
We encountered an issue which is strongly correlated to the issue described
above.
We saw that in the outgoing restlet response, incoming request form parameters
are attached. In our case, one of these form parameters were having a newline
character. The response went through a HAProxy instance, marking the response
header (which was actually a request header) as having an unauthorized
character, provoking a HTTP 502 bad gateway.
In the end, the incoming form parameters should not be routed back to the
response, so I did an effort implementing solution c prefixing the keys. It is
however not "toggleable", but you might want to use this as a base to fix this
issue.
I've attached the patched files.
Kind regards
was (Author: wblancqu):
Hi,
We encountered an issue which is strongly correlated to the issue described
above.
We saw that in the outgoing restlet response, incoming request form parameters
are attached. In our case, one of these form parameters were having a newline
character. The response went through a HAProxy instance, marking the response
header (which was actually a request header) as having an unauthorized
character, provoking a HTTP 502 bad gateway.
In the end, the incoming form parameters should not be routed back to the
response, so I did an effort implementing solution c prefixing the keys. It is
however not "toggleable", but you might want to use this as a base to fix this
issue.
Kind regards
> camel-restlet - Form fields overwrite headers in InMessage
> ----------------------------------------------------------
>
> Key: CAMEL-8625
> URL: https://issues.apache.org/jira/browse/CAMEL-8625
> Project: Camel
> Issue Type: Improvement
> Components: camel-restlet
> Affects Versions: 2.13.4, 2.14.2, 2.15.1
> Environment: Linux
> Reporter: Tomasz Ptak
> Fix For: Future
>
> Attachments: DefaultRestletBindingFixed.java, FormParameter.java
>
>
> DefaultRestletBinding adds values from submitted form as headers in the
> inMessage of the exchange. As a result it is close to impossible to rely on
> any of the values provided.
> Suggested solution:
> a) form values should be stored separately, or
> b) populating headers from the form should fail if a header with this key
> already exists
> c) prefixing keys coming from the form with something, for instance "form."
> Solution a is a safer solution which will break compatibility with previous
> versions of Apache Camel (it can also be spread over a number of releases,
> first introducing new field for form values and logging a warning if form
> data is being extracted, next making it configurable and disabled by default,
> then removing this functionality).
> Solution b is backwards compatible if this behaviour is not used as a feature
> (if it is, it should not). That said someone could still use it to populate
> RestletRequest-like headers in the Message.
> Solution c would be rather ok as well, but I like a more, personally.
> I can provide a patch if any solution is accepted.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
