[
https://issues.apache.org/jira/browse/CAMEL-22353?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18015344#comment-18015344
]
Valeriy Ak edited comment on CAMEL-22353 at 8/21/25 7:49 AM:
-------------------------------------------------------------
Fix rfc url - https://www.rfc-editor.org/rfc/rfc7230#section-3.2.6
{code}
Most HTTP header field values are defined using common syntax
components (token, quoted-string, and comment) separated by
whitespace or specific delimiting characters. Delimiters are chosen
from the set of US-ASCII visual characters not allowed in a token
(DQUOTE and "(),/:;<=>?@[\]{}").
token = 1*tchar
tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*"
/ "+" / "-" / "." / "^" / "_" / "`" / "|" / "~"
/ DIGIT / ALPHA
; any VCHAR, except delimiters
{code}
[~davsclaus] Sure, I have one idea how can it can be fixed. What do you think
about "strict header validation mode" flag in HttpHeaderFilterStrategy for
both in and out type? If it true, it will validate headers name according to
https://www.rfc-editor.org/rfc/rfc7230#section-3.2.6
was (Author: akvel):
Fix rfc url - https://www.rfc-editor.org/rfc/rfc7230#section-3.2.6
{code}
Most HTTP header field values are defined using common syntax
components (token, quoted-string, and comment) separated by
whitespace or specific delimiting characters. Delimiters are chosen
from the set of US-ASCII visual characters not allowed in a token
(DQUOTE and "(),/:;<=>?@[\]{}").
token = 1*tchar
tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*"
/ "+" / "-" / "." / "^" / "_" / "`" / "|" / "~"
/ DIGIT / ALPHA
; any VCHAR, except delimiters
{code}
[~davsclaus] Sure, I have one idea how can be fixed. What do you think about
"strict header validation mode" flag in HttpHeaderFilterStrategy for both in
and out type? If it true, it will validate headers name according to
https://www.rfc-editor.org/rfc/rfc7230#section-3.2.6
> Undertow "null header error" on response if there is an invalid character in
> the request header name
> ----------------------------------------------------------------------------------------------------
>
> Key: CAMEL-22353
> URL: https://issues.apache.org/jira/browse/CAMEL-22353
> Project: Camel
> Issue Type: Improvement
> Components: camel-undertow
> Affects Versions: 4.13.0
> Reporter: Valeriy Ak
> Priority: Minor
> Labels: Undertow
> Fix For: 4.x
>
>
> I understand that this is not exactly a Camel component bug, but more of a
> compatibility issue. However, it seems like it would be nice to support this
> compatibility.
> In [Undertow|https://github.com/undertow-io/undertow], when forming a
> response, there is a built-in check for characters ([only codes 0–255 are
> allowed|https://github.com/undertow-io/undertow/blame/0ea9ca3f1b79389daea2d46aaa33977d5154be15/core/src/main/java/io/undertow/util/HttpString.java#L159])
> . If an invalid character appears in a header name, then the name becomes
> {{null}} and an exception is thrown.
> When responding, {{HttpHeaderFilterStrategy}} checks the header name for
> {{{}null{}}}, but does not check for RFC validity
> ([link|https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4]).
> It would be great to add a mode for validating header correctness on input,
> or perhaps suports Undertow logic for response.
>
> {code:java}
> java.lang.NullPointerException: UT010052: Header name was nul
> at
> io.undertow.servlet.spec.HttpServletResponseImpl.addHeader(HttpServletResponseImpl.java:271)
> ~[undertow-servlet-2.3.18.Final.jar:2.3.18.Final]
> at
> io.undertow.servlet.spec.HttpServletResponseImpl.addHeader(HttpServletResponseImpl.java:266)
> ~[undertow-servlet-2.3.18.Final.jar:2.3.18.Final]
> at
> org.apache.camel.http.common.DefaultHttpBinding.doWriteResponse(DefaultHttpBinding.java:443)
> ~[camel-http-common-4.13.0.jar:4.13.0]
> at
> org.apache.camel.http.common.DefaultHttpBinding.writeResponse(DefaultHttpBinding.java:373)
> ~[camel-http-common-4.13.0.jar:4.13.0]
> at
> org.apache.camel.http.common.CamelServlet.afterProcess(CamelServlet.java:380)
> ~[camel-http-common-4.13.0.jar:4.13.0]
> at org.apache.camel.http.common.CamelServlet.doExecute(CamelServlet.java:321)
> ~[camel-http-common-4.13.0.jar:4.13.0]
> at org.apache.camel.http.common.CamelServlet.doService(CamelServlet.java:235)
> ~[camel-http-common-4.13.0.jar:4.13.0]
> at
> org.apache.camel.http.common.CamelServlet.handleService(CamelServlet.java:111)
> ~[camel-http-common-4.13.0.jar:4.13.0] {code}
>
> Simle example project of that error (just run test) -
> [https://github.com/Akvel/camel-header-error-example]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
