Skip to content

Commit

Permalink
fix(cloudfront): Origin Request Policy headers enforce soft limit of …
Browse files Browse the repository at this point in the history
…10 (aws#13907)

Validation was added in aws#13410 to enforce a limit of the number of headers
allowed in the allow list for a Origin Request Policy; that limit is a soft limit and
should not be hard-enforced in code.

Relates to aws#13903

This commit partially reverts changes introduced in 42f3740.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
  • Loading branch information
robertd authored and hollanddd committed Aug 26, 2021
1 parent 4289b64 commit 043326a
Show file tree
Hide file tree
Showing 2 changed files with 0 additions and 14 deletions.
3 changes: 0 additions & 3 deletions packages/@aws-cdk/aws-cloudfront/lib/origin-request-policy.ts
Original file line number Diff line number Diff line change
Expand Up @@ -184,9 +184,6 @@ export class OriginRequestHeaderBehavior {
if (headers.length === 0) {
throw new Error('At least one header to allow must be provided');
}
if (headers.length > 10) {
throw new Error(`Maximum allowed headers in Origin Request Policy is 10; got ${headers.length}.`);
}
if (/Authorization/i.test(headers.join('|')) || /Accept-Encoding/i.test(headers.join('|'))) {
throw new Error('you cannot pass `Authorization` or `Accept-Encoding` as header values; use a CachePolicy to forward these headers instead');
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -89,17 +89,6 @@ describe('OriginRequestPolicy', () => {
expect(() => new OriginRequestPolicy(stack, 'OriginRequestPolicy7', { headerBehavior: OriginRequestHeaderBehavior.allowList('Foo', 'Bar') })).not.toThrow();
});

test('throws if more than 10 OriginRequestHeaderBehavior headers are being passed', () => {
const errorMessage = /Maximum allowed headers in Origin Request Policy is 10; got (.*?)/;
expect(() => new OriginRequestPolicy(stack, 'OriginRequestPolicy1', {
headerBehavior: OriginRequestHeaderBehavior.allowList('Lorem', 'ipsum', 'dolor', 'sit', 'amet', 'consectetur', 'adipiscing', 'elit', 'sed', 'do', 'eiusmod'),
})).toThrow(errorMessage);

expect(() => new OriginRequestPolicy(stack, 'OriginRequestPolicy2', {
headerBehavior: OriginRequestHeaderBehavior.allowList('Lorem', 'ipsum', 'dolor', 'sit', 'amet', 'consectetur', 'adipiscing', 'elit', 'sed', 'do'),
})).not.toThrow();
});

test('does not throw if originRequestPolicyName is a token', () => {
expect(() => new OriginRequestPolicy(stack, 'CachePolicy', {
originRequestPolicyName: Aws.STACK_NAME,
Expand Down

0 comments on commit 043326a

Please sign in to comment.