AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-06-19 · Documentation low

File: waf/latest/developerguide/waf-js-challenge-api-get-token.md

Summary

Added console experience note and updated token domain list references to include 'protection pack' terminology

Security assessment

Expands documentation for cross-domain token validation to include protection packs, enhancing security configuration guidance but not addressing specific vulnerabilities.

Diff

diff --git a/waf/latest/developerguide/waf-js-challenge-api-get-token.md b/waf/latest/developerguide/waf-js-challenge-api-get-token.md
index ba4fba6cb..c326663f8 100644
--- a//waf/latest/developerguide/waf-js-challenge-api-get-token.md
+++ b//waf/latest/developerguide/waf-js-challenge-api-get-token.md
@@ -4,0 +5,4 @@
+**Introducing a new console experience for AWS WAF**
+
+You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). 
+
@@ -90 +94 @@ The `fetch` wrapper handles these cases automatically, but if you aren't able to
-By default, AWS WAF only accepts tokens that contain the same domain as the requested host domain. Any cross-domain tokens require corresponding entries in the web ACL token domain list. For more information, see [AWS WAF web ACL token domain list configuration](./waf-tokens-domains.html#waf-tokens-domain-lists). 
+By default, AWS WAF only accepts tokens that contain the same domain as the requested host domain. Any cross-domain tokens require corresponding entries in the protection pack or web ACL token domain list. For more information, see [AWS WAF protection pack or web ACL token domain list configuration](./waf-tokens-domains.html#waf-tokens-domain-lists).