AWS waf documentation change
Summary
Added console experience note and updated token domain list references to include 'protection pack' terminology
Security assessment
Expands documentation for cross-domain token validation to include protection packs, enhancing security configuration guidance but not addressing specific vulnerabilities.
Diff
diff --git a/waf/latest/developerguide/waf-js-challenge-api-get-token.md b/waf/latest/developerguide/waf-js-challenge-api-get-token.md index ba4fba6cb..c326663f8 100644 --- a//waf/latest/developerguide/waf-js-challenge-api-get-token.md +++ b//waf/latest/developerguide/waf-js-challenge-api-get-token.md @@ -4,0 +5,4 @@ +**Introducing a new console experience for AWS WAF** + +You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). + @@ -90 +94 @@ The `fetch` wrapper handles these cases automatically, but if you aren't able to -By default, AWS WAF only accepts tokens that contain the same domain as the requested host domain. Any cross-domain tokens require corresponding entries in the web ACL token domain list. For more information, see [AWS WAF web ACL token domain list configuration](./waf-tokens-domains.html#waf-tokens-domain-lists). +By default, AWS WAF only accepts tokens that contain the same domain as the requested host domain. Any cross-domain tokens require corresponding entries in the protection pack or web ACL token domain list. For more information, see [AWS WAF protection pack or web ACL token domain list configuration](./waf-tokens-domains.html#waf-tokens-domain-lists).