Keep API Gateway headers in proxy requests

[kieran-sf]

Keep API Gateway headers in proxied requests

Description

Keep all API Gateway headers in requests sent to proxies. APIG headers are still stripped on requests to the origin.
WI

Types of Changes

• Bug fix (non-breaking change that fixes an issue)
• New feature (non-breaking change that adds functionality)
• Documentation update
• Breaking change (could cause existing functionality to not work as expected)
• Other changes (non-breaking changes that does not fit any of the above)

Breaking changes include:

• Removing a public function or component or prop
• Adding a required argument to a function
• Changing the data type of a function parameter or return value
• Adding a new peer dependency to package.json

Changes

• Keep APIG headers in proxy requests

How to Test-Drive This PR

• The deploy test instance of MRT
• Push this reference bundle
• Add an httpbin proxy and request it with an x-api-key header

Checklists

General

• Changes are covered by test cases
• CHANGELOG.md updated with a short description of changes (not required for documentation updates)

Accessibility Compliance

You must check off all items in one of the follow two lists:

• There are no changes to UI

or...

• Changes were tested with a Screen Reader (iOS VoiceOver or Android Talkback) and had no issues
• Changes comply with WCAG 2.0 guidelines levels A and AA
• Changes to common UI patterns and interactions comply with WAI-ARIA best practices

Localization

• Changes include a UI text update in the Retail React App (which requires translation)

[noahadams]

Non-blocking longer term note: it might be useful to move this header removal to platform middleware to fully isolate the values from customer code

[noahadams]

This looks good, nice test updates 👍

[adamraya]

@kieran-sf Would this be considered a breaking change?

If customers were relying on the removal or existence of those headers and suddenly found them present or missing in the requests, Could this lead to unexpected behaviour, errors or data exposure?

At the very least, are we planning on documenting the changes that could impact customers and provide examples for those who need to maintain the current behaviour?

[adamraya]

We reviewed the changes and agreed that although there is technically a change in the behavior of the proxies, we don't expect significant consequences for existing apps that now include the headers that we were previously removing. We consider the changes to solve the reported bug.