Closed
Labels
- bug: This issue is a bug.
- closed-for-staleness
- p2: This is a standard priority issue
- response-requested: Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.
Description
Checkboxes for prior research
- I've gone through Developer Guide and API reference
- I've checked AWS Forums and StackOverflow.
- I've searched for previous similar issues and didn't find any solution.
Describe the bug
After reading https://aws.amazon.com/blogs/developer/middleware-stack-modular-aws-sdk-js/ I tried to update my client's CSP policy. When I make the call I can see that the middleware args do have my connect-src value, but I get an error saying that the call failed due to CSP policy, and the printout of the header does NOT include *.amazonaws.com
How can I fix that?
Regression Issue
- Select this option if this issue appears to be a regression.
SDK version number
@aws-sdk/package-name@version, ...
Which JavaScript Runtime is this issue in?
Node.js
Details of the browser/Node.js/ReactNative version
calling from a React component in the browser
Reproduction Steps
```ts
  client.middlewareStack.add(
    (next) => async (args: any) => {
      // Add CSP headers to the request
      if (!args.request.headers) {
        args.request.headers = {};
      }
      args.request.headers["Content-Security-Policy"] = [
        "default-src 'self';",
        "script-src 'self' 'unsafe-inline' *.awswaf.com;",
        "connect-src 'self' *.amazonaws.com;",
        "img-src 'self' data: https:;",
        "style-src 'self' 'unsafe-inline';",
        "frame-ancestors 'none';",
        "object-src 'none'",
      ].join(" ");
      console.log("!!! ARGS !!!", args);
      // Call the next middleware in the stack
      // return next(args);
      const result = await next(args);
      return result;
    },
    {
      step: "build",
      name: "addSecurityHeadersMiddleware",
    }
  );
  return client;
};
```
Observed Behavior
CSP is not updated
Expected Behavior
CSP should be updated
Possible Solution
No response
Additional Information/Context
No response
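
A browser enforces the Content-Security-Policy delivered with the page itself (the document's HTTP response header or a `<meta http-equiv>` tag); a header attached to an outgoing SDK request is not part of that policy. The following is an added example, not code from the issue or from the AWS SDK: a simplified evaluator for checking whether a served policy's `connect-src` permits an endpoint. The function names are hypothetical, and the page origin, endpoint and served policy are constructed sample values.

```javascript
// Added example: simplified CSP connect-src check (scheme, host and 'self' only;
// paths, ports, nonces and hashes are not handled).
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !directives.has(name)) directives.set(name, sources);
  }
  return directives;
}

function sourceMatches(source, url, pageOrigin) {
  if (source === "'none'") return false;
  if (source === "'self'") return url.origin === pageOrigin;
  if (source === "*") return /^(https?|wss?):$/.test(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(source)) return url.protocol === source;
  const m = source.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/);
  if (!m) return false;
  const [, scheme, host] = m;
  if (scheme && url.protocol !== scheme + ":") return false;
  // "*.example.com" covers subdomains only, never the bare domain itself.
  if (host.startsWith("*.")) return url.hostname.endsWith(host.slice(1));
  return url.hostname === host;
}

function connectAllowed(policy, target, pageOrigin) {
  const directives = parsePolicy(policy);
  // connect-src falls back to default-src; with neither present, nothing is restricted.
  const sources = directives.get("connect-src") ?? directives.get("default-src");
  if (sources === undefined) return true;
  const url = new URL(target);
  return sources.some((s) => sourceMatches(s, url, pageOrigin));
}

// Constructed sample values (assumptions, not taken from the issue).
const PAGE_ORIGIN = "https://app.example.com";
const ENDPOINT = "https://dynamodb.us-east-1.amazonaws.com/";
const SERVED_POLICY = "default-src 'self'; img-src 'self' data: https:";
// The policy string that the middleware in the issue builds.
const INTENDED_POLICY =
  "default-src 'self'; script-src 'self' 'unsafe-inline' *.awswaf.com; " +
  "connect-src 'self' *.amazonaws.com; img-src 'self' data: https:; " +
  "style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; object-src 'none'";

console.log("served policy allows endpoint:", connectAllowed(SERVED_POLICY, ENDPOINT, PAGE_ORIGIN));
console.log("intended policy allows endpoint:", connectAllowed(INTENDED_POLICY, ENDPOINT, PAGE_ORIGIN));
```

To use it, paste in the `Content-Security-Policy` value shown on the document's own response in the browser's network tab, since that is the policy the browser applies.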