Hello.
I am troubled with unintentional headers leaked out through http component.
More specifically, the request headers servlet received, which contains some
private headers that I don't want to be leaked out, are put into IN message,
then http component automatically use that headers and leak them out.
// Request headers come in, e.g. Cookie, Authorization, etc...
rest("/foo").verb("GET", "/sample")
.to("direct:sample");
from("direct:sample")
// The above headers are unintentionally leaked out here.
.to("http://example.com";);
To cope with it, I am moving headers of IN message to Exchange Property.
Are there any better ways?
I don't use HeaderFilterStrategy or removeHeaders because I want to keep some
of them to use later.
Also, I am concerned about the possibility that http component will be changed
in the future to use Exchange Property and leak them out.
Does anyone know if there is such possibility?
I know that the following statement get the value of foo from Exchange Property
when foo is not found in headers.
<simple>${header.foo}</simple>
That's why I have become concerned about the possibility.
Thank you in advance.
Best regards.
Nobuyuki Mizoguchi
