Andrea Cosentino created CAMEL-23527:
----------------------------------------
Summary: API-based component docs: link to security-model
header-filtering guidance
Key: CAMEL-23527
URL: https://issues.apache.org/jira/browse/CAMEL-23527
Project: Camel
Issue Type: Improvement
Components: documentation
Reporter: Andrea Cosentino
The API-based components (camel-fhir, camel-box, camel-twilio, camel-google-*,
etc.) let a route override per-call parameters via prefixed exchange headers
(e.g. CamelFhir.*). This is documented, intentional framework behavior, but the
individual component documentation pages do not cross-reference the existing
guidance in the security model about filtering Camel-internal headers from
untrusted producers.
Proposed change: add a brief paragraph (or an xref:) to the API-component
documentation template linking to the "Strip Camel-internal headers at the
trust boundary" section of
docs/user-manual/modules/ROOT/pages/security-model.adoc.
This is a pure documentation/consistency change spanning the API-based
components; no code change is required.
_Filed by Claude Code on behalf of Andrea Cosentino._
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
