New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Keep API Gateway headers in proxy requests #1764
base: develop
Are you sure you want to change the base?
Conversation
@@ -599,7 +599,7 @@ export const RemoteServerFactory = { | |||
// do that now so that the rest of the code don't have to deal | |||
// with these headers, which can be large and may be accidentally | |||
// forwarded to other servers. | |||
X_HEADERS_TO_REMOVE.forEach((key) => { | |||
X_HEADERS_TO_REMOVE_ORIGIN.forEach((key) => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Non-blocking longer term note: it might be useful to move this header removal to platform middleware to fully isolate the values from customer code
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good, nice test updates 👍
* @private | ||
* @type {string[]} | ||
*/ | ||
export const X_HEADERS_TO_REMOVE_ORIGIN = [ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@kieran-sf Would this be considered a breaking change?
If customers were relying on the removal or existence of those headers and suddenly found them present or missing in the requests, Could this lead to unexpected behaviour, errors or data exposure?
At the very least, are we planning on documenting the changes that could impact customers and provide examples for those who need to maintain the current behaviour?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We reviewed the changes and agreed that although there is technically a change in the behavior of the proxies, we don't expect significant consequences for existing apps that now include the headers that we were previously removing. We consider the changes to solve the reported bug.
Keep API Gateway headers in proxied requests
Description
Keep all API Gateway headers in requests sent to proxies. APIG headers are still stripped on requests to the origin.
WI
Types of Changes
Changes
How to Test-Drive This PR
x-api-key
headerChecklists
General
Accessibility Compliance
You must check off all items in one of the follow two lists:
or...
Localization