This is an automated email from the ASF dual-hosted git repository. davsclaus pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push:
new 77653d0644b CAMEL-20620: camel-platform-http-vertx - Path parameters should not leak back to calling client (#13648)
77653d0644b is described below
commit 77653d0644b1ff75816b870042f0c38dcc79a6ec
Author: Claus Ibsen <claus.ib...@gmail.com>
AuthorDate: Fri Mar 29 08:34:38 2024 +0100
CAMEL-20620: camel-platform-http-vertx - Path parameters should not leak back to calling client (#13648)
---
 .../platform/http/vertx/VertxPlatformHttpSupport.java | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/components/camel-platform-http-vertx/src/main/java/org/apache/camel/component/platform/http/vertx/VertxPlatformHttpSupport.java b/components/camel-platform-http-vertx/src/main/java/org/apache/camel/component/platform/http/vertx/VertxPlatformHttpSupport.java
index 9230343a36e..887064f6ddf 100644
--- a/components/camel-platform-http-vertx/src/main/java/org/apache/camel/component/platform/http/vertx/VertxPlatformHttpSupport.java
+++ b/components/camel-platform-http-vertx/src/main/java/org/apache/camel/component/platform/http/vertx/VertxPlatformHttpSupport.java
@@ -66,16 +66,17 @@ public final class VertxPlatformHttpSupport {
 }
 static Object toHttpResponse(
- HttpServerResponse response, Message message, HeaderFilterStrategy headerFilterStrategy,
+ RoutingContext ctx, Message message, HeaderFilterStrategy headerFilterStrategy,
 boolean muteExceptions) {
 final Exchange exchange = message.getExchange();
+ HttpServerResponse response = ctx.response();
 final int code = determineResponseCode(exchange, message.getBody());
 response.setStatusCode(code);
 // copy headers from Message to Response
 if (headerFilterStrategy != null) {
- copyMessageHeadersToResponse(response, message, headerFilterStrategy, exchange);
+ copyMessageHeadersToResponse(response, ctx.pathParams(), message, headerFilterStrategy, exchange);
 }
 final Object body = getBody(message, muteExceptions, exchange);
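Review bot: toHttpResponse now takes the whole `RoutingContext` although the visible part of its body uses only `ctx.response()` and `ctx.pathParams()`. Passing just those two values, `HttpServerResponse response, Map<String, String> pathParams, Message message, ...`, would mirror the new copyMessageHeadersToResponse signature in the next hunk and keep the helper callable from a test without building a routing context. A one-line Javadoc stating that path parameters are withheld from the response headers would also document the new contract at this entry point. The method body continues outside the hunk.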
@@ -130,11 +131,18 @@ public final class VertxPlatformHttpSupport {
 }
 private static void copyMessageHeadersToResponse(
- HttpServerResponse response, Message message, HeaderFilterStrategy headerFilterStrategy, Exchange exchange) {
+ HttpServerResponse response, Map<String, String> pathParams,
+ Message message, HeaderFilterStrategy headerFilterStrategy, Exchange exchange) {
 final TypeConverter tc = exchange.getContext().getTypeConverter();
 for (Map.Entry<String, Object> entry : message.getHeaders().entrySet()) {
 final String key = entry.getKey();
+
+ // skip headers that are path-params as we do not want to leak them back to the caller
+ if (pathParams.containsKey(key)) {
+ continue;
+ }
+
 final Object value = entry.getValue();
 // use an iterator as there can be multiple values. (must not use a delimiter)
 final Iterator<?> it = ObjectHelper.createIterator(value, null, true);
@@ -170,7 +178,7 @@ public final class VertxPlatformHttpSupport {
 static Future<Void> writeResponse(
 RoutingContext ctx, Exchange camelExchange, HeaderFilterStrategy headerFilterStrategy, boolean muteExceptions) {
- final Object body = toHttpResponse(ctx.response(), camelExchange.getMessage(), headerFilterStrategy, muteExceptions);
+ final Object body = toHttpResponse(ctx, camelExchange.getMessage(), headerFilterStrategy, muteExceptions);
 final Promise<Void> promise = Promise.promise();
 if (body == null) {
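Review bot: The new skip in copyMessageHeadersToResponse matches on header name only, and `pathParams.containsKey(key)` is an exact-match lookup unless the map returned by `ctx.pathParams()` happens to be case-insensitive, while HTTP header names are case-insensitive. If a header key reaches this loop in a casing that differs from the path-template name, the path value would still be copied to the response; a case-insensitive test such as `if (pathParams.keySet().stream().anyMatch(key::equalsIgnoreCase)) { continue; }` would close that gap. The name-only match also silently drops a response header that a route set on purpose when it shares its name with a path parameter, which deserves a sentence in the comment above the check. The diffstat shows a single file changed, so a regression test asserting that a path parameter is absent from the response headers would be worth adding. The loop body continues past the end of the hunk.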