camel-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "daniel carter (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CAMEL-6865) Investigate if CXF RS component can make in HTTP headers not visible to the rest of the route
Date Mon, 31 Mar 2014 01:03:43 GMT

    [ https://issues.apache.org/jira/browse/CAMEL-6865?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13954892#comment-13954892
] 

daniel carter commented on CAMEL-6865:
--------------------------------------

Also if we keep the default of passing all exchange headers on HTTP, this should be *very*
clearly documented, as the consequences could be severe.  In our case it was exposing sensitive
data over HTTP to 3rd parties.

> Investigate if CXF RS component can make in HTTP headers not visible to the rest of the
route
> ---------------------------------------------------------------------------------------------
>
>                 Key: CAMEL-6865
>                 URL: https://issues.apache.org/jira/browse/CAMEL-6865
>             Project: Camel
>          Issue Type: Improvement
>          Components: camel-cxf
>    Affects Versions: 2.12.1
>            Reporter: Sergey Beryozkin
>            Priority: Minor
>
> According to the user reports, CXF RS component can make the incoming HTTP headers visible
to the components which follow it, IMHO by default such headers should only be visible to
CXF endpoint. 
> Check if it is realistic to do it. 



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message