From 9b0a6cf0d349ef3ce1c941b25bbe8e630e09c639 Mon Sep 17 00:00:00 2001 From: Robert Djurasaj Date: Wed, 31 Mar 2021 10:09:26 -0600 Subject: [PATCH] fix(cloudfront): Origin Request Policy headers enforce soft limit of 10 (#13907) Validation was added in #13410 to enforce a limit of the number of headers allowed in the allow list for a Origin Request Policy; that limit is a soft limit and should not be hard-enforced in code. Relates to #13903 This commit partially reverts changes introduced in 42f3740. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../aws-cloudfront/lib/origin-request-policy.ts | 3 --- .../aws-cloudfront/test/origin-request-policy.test.ts | 11 ----------- 2 files changed, 14 deletions(-) diff --git a/packages/@aws-cdk/aws-cloudfront/lib/origin-request-policy.ts b/packages/@aws-cdk/aws-cloudfront/lib/origin-request-policy.ts index 17e7894e6e84e..1bd4fde321080 100644 --- a/packages/@aws-cdk/aws-cloudfront/lib/origin-request-policy.ts +++ b/packages/@aws-cdk/aws-cloudfront/lib/origin-request-policy.ts @@ -184,9 +184,6 @@ export class OriginRequestHeaderBehavior { if (headers.length === 0) { throw new Error('At least one header to allow must be provided'); } - if (headers.length > 10) { - throw new Error(`Maximum allowed headers in Origin Request Policy is 10; got ${headers.length}.`); - } if (/Authorization/i.test(headers.join('|')) || /Accept-Encoding/i.test(headers.join('|'))) { throw new Error('you cannot pass `Authorization` or `Accept-Encoding` as header values; use a CachePolicy to forward these headers instead'); } diff --git a/packages/@aws-cdk/aws-cloudfront/test/origin-request-policy.test.ts b/packages/@aws-cdk/aws-cloudfront/test/origin-request-policy.test.ts index b342ac434e48e..f2f65107c180a 100644 --- a/packages/@aws-cdk/aws-cloudfront/test/origin-request-policy.test.ts +++ b/packages/@aws-cdk/aws-cloudfront/test/origin-request-policy.test.ts @@ -89,17 +89,6 @@ describe('OriginRequestPolicy', () => { expect(() => new OriginRequestPolicy(stack, 'OriginRequestPolicy7', { headerBehavior: OriginRequestHeaderBehavior.allowList('Foo', 'Bar') })).not.toThrow(); }); - test('throws if more than 10 OriginRequestHeaderBehavior headers are being passed', () => { - const errorMessage = /Maximum allowed headers in Origin Request Policy is 10; got (.*?)/; - expect(() => new OriginRequestPolicy(stack, 'OriginRequestPolicy1', { - headerBehavior: OriginRequestHeaderBehavior.allowList('Lorem', 'ipsum', 'dolor', 'sit', 'amet', 'consectetur', 'adipiscing', 'elit', 'sed', 'do', 'eiusmod'), - })).toThrow(errorMessage); - - expect(() => new OriginRequestPolicy(stack, 'OriginRequestPolicy2', { - headerBehavior: OriginRequestHeaderBehavior.allowList('Lorem', 'ipsum', 'dolor', 'sit', 'amet', 'consectetur', 'adipiscing', 'elit', 'sed', 'do'), - })).not.toThrow(); - }); - test('does not throw if originRequestPolicyName is a token', () => { expect(() => new OriginRequestPolicy(stack, 'CachePolicy', { originRequestPolicyName: Aws.STACK_NAME,