k-krawczyk opened a new pull request, #23638:
URL: https://github.com/apache/camel/pull/23638

## Summary
Adds a note to each API-based component's documentation cross-referencing
the security model's guidance on stripping `Camel`-internal headers at the
trust boundary.

## Context
API-based components let routes override per-call parameters via
`Camel`-prefixed exchange headers (e.g. `CamelFhir.*`). This is intentional
framework behavior, but a route that consumes messages from untrusted producers
should strip those internal headers — for example with
`removeHeaders("Camel*")` — at the trust boundary. The component pages did not
previously cross-reference this guidance.

## Changes
- Added the same `[NOTE]` with an `xref:manual::security-model.adoc[...]` to
13 API-based component docs, right after the component options block: `as2`,
`box`, `braintree`, `dhis2`, `fhir`, `google-calendar`, `google-drive`,
`google-mail`, `google-sheets`, `olingo2`, `olingo4`, `twilio`, `zendesk`.
- Docs-only; the `docs/components/...` pages are symlinks to the component
sources, so only the 13 source `.adoc` files change.

Approach confirmed with @oscerd on the JIRA ticket (option B: a note per
component rather than a shared partial). A page-level xref (no fragment) is
used because the *Deployment hardening* section has no explicit anchor,
avoiding a cross-version broken link.

_Reported by Claude Code on behalf of Karol Krawczyk_
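The header stripping described under Context, sketched as a route. This is an added example, not part of the pull request or of the Camel code base. The endpoint URIs, route ids, class name and the `CamelFhir.stringId` header name are assumptions chosen for illustration, and the FHIR component is assumed to be configured elsewhere with its server URL and version.

```java
import org.apache.camel.builder.RouteBuilder;

// Added illustration; endpoint URIs, route ids and the header name are assumptions.
public class PartnerInboundRoutes extends RouteBuilder {

    // FHIR "id" datatype: 1-64 characters from A-Z, a-z, 0-9, '-' and '.'
    private static final String FHIR_ID = "[A-Za-z0-9\\-\\.]{1,64}";

    @Override
    public void configure() {
        // Trust boundary: messages on this queue come from producers the route does not control.
        from("jms:queue:partner.inbound")
            .routeId("partner-inbound")
            // Drop every Camel-prefixed header the producer may have supplied,
            // including CamelFhir.* parameter overrides, before any API-based endpoint sees them.
            .removeHeaders("Camel*")
            .to("direct:read-patient");

        // Trusted side: per-call parameters are set only by the route itself.
        from("direct:read-patient")
            .routeId("read-patient")
            .convertBodyTo(String.class)
            // Reject the exchange unless the body is a syntactically valid resource id.
            .validate(body().regex(FHIR_ID))
            // Set after removeHeaders, so this value survives and is the only one present.
            .setHeader("CamelFhir.stringId", body())
            .to("fhir:read/resourceById?resourceClass=Patient");
    }
}
```

`removeHeaders` also has an overload that takes exclusion patterns, `removeHeaders(pattern, excludePatterns...)`, for headers set by the consuming component that the route still needs.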