AWS ivs documentation change
Summary
Added security-related HTTP response headers and error codes documentation
Security assessment
The change documents security headers like Content-Security-Policy and Strict-Transport-Security, which are security best practices. However, there is no explicit reference to resolving a specific security vulnerability. The additions appear to be standard security feature documentation for API responses rather than addressing a disclosed weakness.
Diff
diff --git a/ivs/latest/LowLatencyAPIReference/API_BatchGetChannel.md b/ivs/latest/LowLatencyAPIReference/API_BatchGetChannel.md index 912ba5ec8..a566da4d1 100644 --- a//ivs/latest/LowLatencyAPIReference/API_BatchGetChannel.md +++ b//ivs/latest/LowLatencyAPIReference/API_BatchGetChannel.md @@ -47,0 +48,7 @@ Required: Yes + Access-Control-Allow-Origin: accessControlAllowOrigin + Access-Control-Expose-Headers: accessControlExposeHeaders + Cache-Control: cacheControl + Content-Security-Policy: contentSecurityPolicy + Strict-Transport-Security: strictTransportSecurity + X-Content-Type-Options: xContentTypeOptions + X-Frame-Options: xFrameOptions @@ -91,0 +99,23 @@ If the action is successful, the service sends back an HTTP 200 response. +The response returns the following HTTP headers. + +**accessControlAllowOrigin ** + + +**accessControlExposeHeaders ** + + +**cacheControl ** + + +**contentSecurityPolicy ** + + +**strictTransportSecurity ** + + +**xContentTypeOptions ** + + +**xFrameOptions ** + + @@ -109,0 +140,25 @@ For information about the errors that are common to all actions, see [Common Err +**AccessDeniedException** + + +**exceptionMessage** + + +User does not have sufficient access to perform this action. + +HTTP Status Code: 403 + +**ServiceUnavailable** + + +HTTP Status Code: 503 + +**ValidationException** + + +**exceptionMessage** + + +The input fails to satisfy the constraints specified by an AWS service. + +HTTP Status Code: 400 +