Apache Camel sends internal headers to HTTP calls

Question

Apache Camel by default translates all the headers present in a message to HTTP headers. This is very useful, but since many components also use headers for internal state, there can be leak of internal information on external HTTP calls. Example, if the job was started using a timer / cron, we end up sending the following HTTP headers on the wire:

http-outgoing-1 >> fireTime: Mon Dec 28 10:14:00 CET 2020 
http-outgoing-1 >> jobDetail: JobDetail 'Camel_camel-1.sync':  jobClass: 'org.apache.camel.component.quartz.CamelJob concurrentExectionDisallowed: false persistJobDataAfterExecution: false isDurable: false requestsRecovers: false 
http-outgoing-1 >> jobInstance: org.apache.camel.component.quartz.CamelJob@4ff90d52 
http-outgoing-1 >> jobRunTime: -1 
http-outgoing-1 >> mergedJobDataMap: org.quartz.JobDataMap@2338bfe0 
http-outgoing-1 >> nextFireTime: Mon Dec 28 10:15:00 CET 2020 
http-outgoing-1 >> refireCount: 0 
http-outgoing-1 >> scheduledFireTime: Mon Dec 28 10:14:00 CET 2020 
http-outgoing-1 >> scheduler: org.quartz.impl.StdScheduler@17a5f565 
http-outgoing-1 >> trigger: Trigger 'Camel_camel-1.syncJob':  triggerClass: 'org.quartz.impl.triggers.CronTriggerImpl calendar: 'null' misfireInstruction: 1 nextFireTime: Mon Dec 28 10:15:00 CET 2020 
http-outgoing-1 >> triggerGroup: Camel_camel-1 
http-outgoing-1 >> triggerName: syncJob 
... (actual needed HTTP headers:)
http-outgoing-1 >> Connection: Keep-Alive 
http-outgoing-1 >> User-Agent: Apache-HttpClient/4.5.12 (Java/11.0.6) 

I know that I can remove all headers before attempting HTTP call. Since my other routes also add my internal headers which I need, it is not simple to just remove all "junk" headers for me at point before sending the call, but keeping my internal ones (which also end up in the HTTP call btw.).

I am aware that I can use properties for this. I am aware that I can disable headers of message to automatically be added as HTTP headers. In this case I am not sure if I need to add manually the headers which are needed for HTTP (like user-agent).

Also other frequent misuse of the headers is if you make 2 HTTP calls and forget to clear the headers, the output headers of the first call will become input headers of the first.

Anyone found a good workaround how to avoid this issue?

Answer 1

This is how HTTP-based endpoints (camel-http, camel-http4, camel-jetty, camel-restlet, camel-cxf, camel-cxfrs) process headers by default (you can customize this behavior using HeaderFilterStrategy).

• Consumer: creates an In message with CamelHttp* headers which record the status of the incoming message, all of the HTTP headers from the original message, and URL options (Jetty only).

• Producer: converts the Exchange it to the target message format with CamelHttp* headers to control the behaviour of the HTTP producer endpoint, Camel* headers are filtered out because they are intended for internal use, and all other headers are converted to HTTP headers with the exception of content-length, content-type, cache-control, connection, date, pragma, trailer, transfer-encoding, upgrade, via, warning.

it is not simple to just remove all "junk" headers for me at point before sending the call, but keeping my internal ones (which also end up in the HTTP call btw.).

You could prefix your internal one with Camel to avoid leaking them as HTTP headers. If you need some of them as HTTP headers, you can manually to the mapping to a different key before the call.

In this case I am not sure if I need to add manually the headers which are needed for HTTP (like user-agent).

You don't need them.

Also other frequent misuse of the headers is if you make 2 HTTP calls and forget to clear the headers, the output headers of the first call will become input headers of the first.

In this case, you should at least remove the control headers with .removeHeaders("CamelHttp*).