oscerd opened a new pull request, #23522:
URL: https://github.com/apache/camel/pull/23522
## Summary
Adds `"websocket."` to both `setOutFilterStartsWith` and `setInFilterStartsWith`
on `UndertowHeaderFilterStrategy`, in addition to the existing `Camel*` /
`camel*` prefixes inherited from `HttpHeaderFilterStrategy`. This follows the
dedicated-HeaderFilterStrategy fix shape used by CAMEL-23532 for
`camel-vertx-websocket` / `camel-atmosphere-websocket` / `camel-iggy` and is
the `camel-undertow` follow-on called out by CAMEL-23577.
## Why not rename the constants
The constants in `UndertowConstants` (`CONNECTION_KEY`, `CONNECTION_KEY_LIST`,
`SEND_TO_ALL`, `EVENT_TYPE`, `EVENT_TYPE_ENUM`, `CHANNEL`, `EXCHANGE`) keep
their existing string values (`websocket.connectionKey`,
`websocket.connectionKey.list`, `websocket.sendToAll`, ...) because they are
part of undertow's **externally-visible API contract** — they appear in the
component docs and route examples. The CAMEL-23577 epic explicitly cites
`websocket.connectionKey` as the canonical case for the
dedicated-filter-strategy shape rather than the rename shape.
## Behaviour change (transport-boundary only)
- **Outbound (exchange → wire):** exchange headers whose name starts with
`websocket.` are no longer propagated onto the outbound HTTP/websocket
request as wire-level headers.
- **Inbound (wire → exchange):** wire-level headers whose name starts with
`websocket.` are no longer mapped into the resulting Camel exchange.
The undertow consumer's programmatic `setHeader(CONNECTION_KEY, ...)` and the
producer's `in.getHeader(CONNECTION_KEY, ...)` operate on the exchange
directly and are unaffected by the filter strategy.
## Residual gap and defence-in-depth recommendation
The `HeaderFilterStrategy` only governs the transport boundary; it does **not**
prevent cross-component header injection (for example,
`from("jetty:...").to("undertow:ws://...")` — an attacker-supplied
`websocket.connectionKey` HTTP header is mapped into the exchange by jetty and
then read by the undertow producer to target a specific peer). The
upgrade-guide entry documents the residual gap and recommends
`.removeHeaders("websocket.*")` at trust boundaries as the
defence-in-depth pattern:
```java
from("jetty:http://0.0.0.0:8080/api")
.removeHeaders("websocket.*")
.to("undertow:ws://internal-broker/notifications");
```
## Opt-out
Routes that intentionally relied on undertow mapping `websocket.*` wire
headers in or out can supply a custom `headerFilterStrategy` endpoint option
to restore the previous behaviour.
## Backports
- `camel-4.18.x` — `UndertowHeaderFilterStrategy` has the same shape (extends
`HttpHeaderFilterStrategy`); backport applies cleanly.
- `camel-4.14.x` — `UndertowHeaderFilterStrategy` extends
`DefaultHeaderFilterStrategy` (not `HttpHeaderFilterStrategy`) and already
sets `CAMEL_FILTER_STARTS_WITH` explicitly; the backport needs a small
adaptation. It will be filed as a follow-up PR.
## Test plan
- [x] `mvn test` in `components/camel-undertow` — 161 tests pass (1 skipped)
- [x] Diff vs `origin/main` is purely additive (65 insertions, 0 deletions)
- [x] Upgrade guide entry added under `=== camel-undertow - potential breaking
change` documenting the behaviour change, the cross-component-injection
residual gap, and the recommended `.removeHeaders("websocket.*")` mitigation
Tracker: CAMEL-23577
_Reported by Claude Code on behalf of Andrea Cosentino_
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
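The two behaviours the PR description separates, transport-boundary prefix filtering and the `.removeHeaders("websocket.*")` mitigation for the cross-component case, can be exercised with plain camel-core. The following is an added example, not code from the PR or from the Camel project: it builds a `DefaultHeaderFilterStrategy` with the same prefixes the PR adds to `UndertowHeaderFilterStrategy` (an assumption that the undertow strategy behaves identically for these names), and replaces the `jetty:` consumer and `undertow:ws://` producer with `direct:` and `mock:` endpoints so it runs without network components. It assumes the Camel 4.x `org.apache.camel.support.DefaultHeaderFilterStrategy` varargs setters.

```java
import org.apache.camel.CamelContext;
import org.apache.camel.ProducerTemplate;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.mock.MockEndpoint;
import org.apache.camel.impl.DefaultCamelContext;
import org.apache.camel.support.DefaultHeaderFilterStrategy;

// Added example (not part of the PR): shows which header names the prefix
// filter drops at the transport boundary, and why a removeHeaders() step is
// still needed when the header arrives through a different component.
public class WebsocketHeaderFilterDemo {

    // Header name used in the PR description; constructed here as a string so the
    // demo does not depend on camel-undertow's UndertowConstants.
    static final String CONNECTION_KEY_HEADER = "websocket.connectionKey";

    // Same prefix set the PR configures: the inherited Camel*/camel* prefixes
    // plus "websocket." (assumption: built on the stock strategy, not the undertow one).
    static DefaultHeaderFilterStrategy undertowLikeStrategy() {
        DefaultHeaderFilterStrategy s = new DefaultHeaderFilterStrategy();
        s.setOutFilterStartsWith("Camel", "camel", "websocket.");
        s.setInFilterStartsWith("Camel", "camel", "websocket.");
        return s;
    }

    // Outbound direction (exchange -> wire). A true result means "drop this header".
    static boolean droppedOnOutbound(DefaultHeaderFilterStrategy s, String name) {
        return s.applyFilterToCamelHeaders(name, "value", null);
    }

    // Inbound direction (wire -> exchange). A true result means "do not map it in".
    static boolean droppedOnInbound(DefaultHeaderFilterStrategy s, String name) {
        return s.applyFilterToExternalHeaders(name, "value", null);
    }

    public static void main(String[] args) throws Exception {
        DefaultHeaderFilterStrategy s = undertowLikeStrategy();
        System.out.println("outbound websocket.connectionKey dropped: "
                + droppedOnOutbound(s, CONNECTION_KEY_HEADER));      // true
        System.out.println("inbound  websocket.connectionKey dropped: "
                + droppedOnInbound(s, CONNECTION_KEY_HEADER));       // true
        System.out.println("inbound  Content-Type dropped: "
                + droppedOnInbound(s, "Content-Type"));              // false

        // Cross-component case: the header is already on the exchange when it
        // reaches the producer, so the transport filter never sees it. The
        // route-level removeHeaders() is what strips it.
        CamelContext ctx = new DefaultCamelContext();
        ctx.addRoutes(new RouteBuilder() {
            @Override
            public void configure() {
                // direct: stands in for the untrusted jetty: consumer,
                // mock: stands in for the undertow:ws:// producer.
                from("direct:api")
                    .removeHeaders("websocket.*")
                    .to("mock:broker");
            }
        });
        ctx.start();

        MockEndpoint broker = ctx.getEndpoint("mock:broker", MockEndpoint.class);
        broker.expectedMessageCount(1);
        broker.message(0).header(CONNECTION_KEY_HEADER).isNull();

        // Constructed input: a caller-supplied header that would otherwise
        // steer the producer towards a specific peer.
        ProducerTemplate template = ctx.createProducerTemplate();
        template.sendBodyAndHeader("direct:api", "hello",
                CONNECTION_KEY_HEADER, "constructed-peer-id");

        broker.assertIsSatisfied();
        System.out.println("removeHeaders(\"websocket.*\") stripped the header: ok");
        ctx.stop();
    }
}
```

Run it with camel-core on the classpath (`camel-core-engine`, `camel-direct`, `camel-mock` and `camel-support` in 4.x). The first three lines of output show the prefix filter working in both directions; the mock assertion shows that without the `removeHeaders` step the same header would have reached the producer untouched, since nothing in the direct-to-mock hop applies a `HeaderFilterStrategy`.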