davsclaus commented on code in PR #23969:
URL: https://github.com/apache/camel/pull/23969#discussion_r3398444503
##########
components/camel-mail/src/main/docs/mail-component.adoc:
##########
@@ -253,6 +253,34 @@ headers.put("to", "[email protected]");
template.sendBodyAndHeaders("smtp://admin@[email protected]",
"Hello World", headers);
------------------------------------------------------------------------------------------------------------
+==== Opting out of header overrides (trust-boundary hardening)
+
+For routes where message headers originate from an untrusted source (for
+example messages bridged from an HTTP endpoint, a JMS queue, or a Kafka
+topic), allowing inbound headers to override recipients, sender, or
+subject can enable an attacker to redirect mail, forge the sender
+address, or inject arbitrary subjects. Three opt-in `@UriParam` options
+let you lock the endpoint configuration so it cannot be overridden by
+message headers:
+
+[options="header"]
+|===
+| Option | Default | Effect when set to `false`
+| `useHeaderRecipients`| `true` | Endpoint URI to/cc/bcc always used;
To/CC/BCC headers ignored.
+| `useHeaderFrom` | `true` | Endpoint URI from always used; From/Sender
headers ignored.
+| `useHeaderSubject` | `true` | Endpoint URI subject always used; Subject
header ignored.
+|===
+
+All three default to `true` so existing behaviour is preserved. Example:
+
+[source,java]
+----
+.to("smtp://relay@[email protected]&[email protected]"
+ + "&useHeaderRecipients=false&useHeaderFrom=false");
+----
+
+NOTE: These options do *not* strip the headers from the exchange. See the
xref:manual::security-model.adoc#_deployment_hardening[Camel Security Model]
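Review bot: the `[source,java]` example at the end of the hunk sets `useHeaderRecipients=false` and `useHeaderFrom=false` but leaves `useHeaderSubject` at its default `true`, even though the paragraph introducing the table lists subject injection alongside recipient redirection and sender forgery as the reason for the three options; either add `&useHeaderSubject=false` to the example or state that subject override is deliberately left enabled there. The NOTE that the options "do *not* strip the headers from the exchange" is the key caveat for the trust-boundary scenario the section describes, since an untrusted To/From/Subject header still travels on to any later endpoint in the route; consider following it with the concrete mitigation, such as removing those headers with the `removeHeaders` EIP before the mail endpoint when downstream consumers must not see them, rather than only pointing at the security model page.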
Review Comment:
Minor doc fix: this line ends without a period, and the link text says
"Camel Security Model" but targets the `#_deployment_hardening` anchor.
Suggestion:
```suggestion
NOTE: These options do *not* strip the headers from the exchange. See the
xref:manual::security-model.adoc#_deployment_hardening[Deployment hardening]
section of the Security Model.
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]