AWS AmazonCloudFront documentation change
Summary
Added 'Hash-Algorithm' to the list of query parameters that cannot be used in original URLs when using signed URLs.
Security assessment
This change documents that 'Hash-Algorithm' is now a reserved query parameter for CloudFront signed URLs, preventing conflicts between user-defined parameters and CloudFront's signing mechanism. This is a preventive security measure to avoid parameter collision attacks.
Diff
diff --git a/AmazonCloudFront/latest/DeveloperGuide/private-content-choosing-signed-urls-cookies.md b/AmazonCloudFront/latest/DeveloperGuide/private-content-choosing-signed-urls-cookies.md index 06551abd9..50de32f37 100644 --- a//AmazonCloudFront/latest/DeveloperGuide/private-content-choosing-signed-urls-cookies.md +++ b//AmazonCloudFront/latest/DeveloperGuide/private-content-choosing-signed-urls-cookies.md @@ -38,0 +39,2 @@ If you are not currently using signed URLs, and if your (unsigned) URLs contain + * `Hash-Algorithm` +