AWS ivs documentation change
Summary
Added pattern validation for tag keys and values, added documentation for security-related HTTP response headers in error responses, and corrected a reference from DeleteChannel to DeleteAdConfiguration
Security assessment
Similar to the first file, this adds documentation for security headers (CORS, CSP, HSTS, X-Frame-Options) in HTTP error responses and adds input validation patterns for tags. The pattern validation helps prevent potential injection attacks. The reference correction is not security-related. No evidence of a specific security vulnerability being addressed.
Diff
diff --git a/ivs/latest/LowLatencyAPIReference/API_CreateStreamKey.md b/ivs/latest/LowLatencyAPIReference/API_CreateStreamKey.md index afda2168b..f8c1915dd 100644 --- a//ivs/latest/LowLatencyAPIReference/API_CreateStreamKey.md +++ b//ivs/latest/LowLatencyAPIReference/API_CreateStreamKey.md @@ -59,0 +60,2 @@ Key Length Constraints: Minimum length of 1. Maximum length of 128. +Key Pattern: `([\p{L}\p{Z}\p{N}_.:/=+\-@]+)` + @@ -61,0 +64,2 @@ Value Length Constraints: Minimum length of 0. Maximum length of 256. +Value Pattern: `([\p{L}\p{Z}\p{N}_.:/=+\-@]*)` + @@ -100,0 +105,12 @@ For information about the errors that are common to all actions, see [Common Err +**accessControlAllowOrigin** + + +**accessControlExposeHeaders** + + +**cacheControl** + + +**contentSecurityPolicy** + + @@ -105,0 +122,12 @@ User does not have sufficient access to perform this action. +**strictTransportSecurity** + + +**xAmznErrorType** + + +**xContentTypeOptions** + + +**xFrameOptions** + + @@ -110,0 +139,12 @@ HTTP Status Code: 403 +**accessControlAllowOrigin** + + +**accessControlExposeHeaders** + + +**cacheControl** + + +**contentSecurityPolicy** + + @@ -115,0 +156,12 @@ Your account is pending verification. +**strictTransportSecurity** + + +**xAmznErrorType** + + +**xContentTypeOptions** + + +**xFrameOptions** + + @@ -120,0 +173,12 @@ HTTP Status Code: 403 +**accessControlAllowOrigin** + + +**accessControlExposeHeaders** + + +**cacheControl** + + +**contentSecurityPolicy** + + @@ -125,0 +190,12 @@ Request references a resource which does not exist. +**strictTransportSecurity** + + +**xAmznErrorType** + + +**xContentTypeOptions** + + +**xFrameOptions** + + @@ -130,0 +207,12 @@ HTTP Status Code: 404 +**accessControlAllowOrigin** + + +**accessControlExposeHeaders** + + +**cacheControl** + + +**contentSecurityPolicy** + + @@ -135,0 +224,12 @@ Request would cause a service quota to be exceeded. +**strictTransportSecurity** + + +**xAmznErrorType** + + +**xContentTypeOptions** + + +**xFrameOptions** + + @@ -140,0 +241,12 @@ HTTP Status Code: 402 +**accessControlAllowOrigin** + + +**accessControlExposeHeaders** + + +**cacheControl** + + +**contentSecurityPolicy** + + @@ -145,0 +258,12 @@ The input fails to satisfy the constraints specified by an AWS service. +**strictTransportSecurity** + + +**xAmznErrorType** + + +**xContentTypeOptions** + + +**xFrameOptions** + + @@ -183 +307 @@ CreateRecordingConfiguration -DeleteChannel +DeleteAdConfiguration