Reputation: 1483
I have a Camel route which sets a few custom headers and acts as a reverse proxy.
from("servlet:///listen/path?matchOnUriPrefix=true")
    .setHeader(Exchange.HTTP_RESPONSE_CODE, simple("200"))
    .setHeader("MY_HEADER", simple("MY_VALUE"))
    .to("some endpoint");
The requests to the app server are passed through a web agent, and the web agent sets some headers on the requests. These headers contain some sensitive information. However, it looks like the Camel route copies all the request headers to the response as response headers, and as a result the sensitive information set by the web agent is available at the browser end.
Browser        Web agent
 +--+                                      Camel Route
 |  |         +----------+               +------------+
 |  +-------> | Sets some|-------------> |            |
 |  |         | headers  |               |            |
 |  | <-------| to request <-------------+            |
 |  |         |          |               |            |
 |  |         +----------+               +------------+
 |  |
 +--+
     Response headers
     having web-agent
     headers
However, when I skipped the Camel route the response didn't have the web-agent headers. So I suspect that the Camel / servlet component copies request headers to the response. Please note that I'm not copying any request headers to the response from my code within the route. Please shed some light on this.
UPDATE
As per the Camel servlet documentation:
Camel will apply the same Message Headers as the HTTP component. Camel will also populate all request.parameter and request.headers. For example, if a client request has the URL, http://myserver/myserver?orderid=123, the exchange will contain a header named orderid with the value 123.
Does this mean the servlet component copies all the request headers to the response? If so, how do I disable it?
Upvotes: 3
Views: 3487
Reputation: 3193
Do you want to remove the headers before sending them? Why don't you just remove the incoming headers from the request message using .removeHeaders()? You can of course supply a pattern to that statement so that you remove specific headers. At least this way you can make sure those headers are not passed to the response message.
Upvotes: 1
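Added example (not code from the question or the answer): the question's route with `.removeHeaders()` placed after the backend call, because headers still on the message when the route ends are written out as HTTP response headers. The `AGENT_*` pattern, the class name and the `direct:backend` endpoint are placeholders, since the page does not give the real web-agent header names or the target endpoint.

```java
import org.apache.camel.Exchange;
import org.apache.camel.builder.RouteBuilder;

public class ProxyRoute extends RouteBuilder {

    // Assumption: the web agent's headers share a common prefix.
    // "AGENT_" is a placeholder; use the names the agent really injects,
    // in the same case the servlet container delivers them.
    private static final String AGENT_HEADERS = "AGENT_*";

    @Override
    public void configure() {
        from("servlet:///listen/path?matchOnUriPrefix=true")
            // The servlet consumer has populated the message with every
            // request header, including the ones injected by the web agent.
            // If the backend does not need them, they can also be removed
            // here, before the call, so they are never forwarded.
            .to("direct:backend") // placeholder for the question's "some endpoint"

            // Request headers that were on the message before the call are
            // normally still on it afterwards. Remove the sensitive ones
            // before the route ends and the response is written.
            .removeHeaders(AGENT_HEADERS)

            // Headers set from here on are the ones intended for the browser.
            .setHeader(Exchange.HTTP_RESPONSE_CODE, simple("200"))
            .setHeader("MY_HEADER", simple("MY_VALUE"));
    }
}
```

To confirm the fix, compare the response headers seen by the browser before and after the change and check that no header matching the agent's prefix remains.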