aws-amplify-us-east-2[bot]
commented
3 weeks ago This pull request is automatically being deployed by Amplify Hosting (learn more).
Access this pull request here: https://pr-3634.d3m3l2kee0btzx.amplifyapp.com
robstax
COMPLETES https://jira-eng-gpk2.cisco.com/jira/browse/SPARK-531900
This pull request addresses
in fedramp, it's important that clients do not send auth token to resources outside of the "fedramp" boundary. therefore, we should only send auth headers in the following cases
by making the following changes
i changed the allowedDomains to be empty in FedRAMP by default. if the user wants more domains in fedramp, they can pass them through config or by
setAllowedDomains(). in commercial, we keep the existing list of allowedDomains. the reason webex.com cannot be a default allowedDomain in fedramp is because there are commercial sites, like cisco.webex.com and we don't want fedramp users sending their auth tokens to arbitrary commercial *.webex sitesChange Type
The following scenarios where tested
fedramp: falsefedramp: truefedramp: falsefedramp: true*.webexallowed domainsI certified that
[x] I have read and followed contributing guidelines
[x] I discussed changes with code owners prior to submitting this pull request
[x] I have not skipped any automated checks
[x] All existing and new tests passed
[x] I have updated the documentation accordingly
Make sure to have followed the contributing guidelines before submitting.