AWS bedrock-agentcore documentation change
Summary
Formatting changes to header restrictions: removed asterisk from Authorization header, changed code formatting for X-Amzn-Bedrock-AgentCore-Runtime-Custom-* exception, and updated typographical quotes in configuration instructions
Security assessment
These changes are primarily formatting and typographical corrections. The removal of the asterisk from 'Authorization*' clarifies that only the Authorization header itself is restricted, not headers starting with 'Authorization'. The change from backticks to plain text for the X-Amzn-Bedrock-AgentCore-Runtime-Custom-* exception is a formatting adjustment. No security vulnerability or new security feature is being documented.
Diff
diff --git a/bedrock-agentcore/latest/devguide/gateway-headers.md b/bedrock-agentcore/latest/devguide/gateway-headers.md index deba01121..9a33b3ad8 100644 --- a//bedrock-agentcore/latest/devguide/gateway-headers.md +++ b//bedrock-agentcore/latest/devguide/gateway-headers.md @@ -26 +26 @@ To maintain security and prevent exposure of sensitive information, the followin -Restricted headers Authorization* +Authorization* @@ -143 +146 @@ Additional validation rules apply to allowed headers: - * Headers starting with `X-Amzn-` are prohibited (except for `X-Amzn-Bedrock-AgentCore-Runtime-Custom-*` headers) + * Headers starting with `X-Amzn-` are prohibited (except for X-Amzn-Bedrock-AgentCore-Runtime-Custom-* headers) @@ -154 +157 @@ You can configure header and query parameters at the target level when creating -Configure header propagation by adding `allowedRequestHeaders`, `allowedResponseHeaders`, and `allowedQueryParameters` fields to your target's `metadataConfiguration`: +Configure header propagation by adding `allowedRequestHeaders` , `allowedResponseHeaders` , and `allowedQueryParameters` fields to your target’s `metadataConfiguration` : @@ -224 +227 @@ Interceptor lambdas can influence header propagation in the following ways: - * **Authorization header override:** The `Authorization` header from the interceptor lambda response is automatically propagated to the target. While the `Authorization` header cannot be configured in the target's allowlist, it will be forwarded to the target when provided by an interceptor lambda. + * **Authorization header override:** The `Authorization` header from the interceptor lambda response is automatically propagated to the target. While the `Authorization` header cannot be configured in the target’s allowlist, it will be forwarded to the target when provided by an interceptor lambda.