fix: relax custom header regex to allow any valid HTTP header (#1151)

The AgentCore Runtime service now accepts any valid HTTP header in
requestHeaderAllowlist, not just those prefixed with
X-Amzn-Bedrock-AgentCore-Runtime-Custom-. Remove auto-prefixing and
replace the strict allowlist with service-aligned validation rules:
block x-amz-/x-amzn- prefixes and restricted standard headers.

Author: jesseturner21

src/cli/commands/shared/__tests__/header-utils.test.ts

@@ -8,36 +8,20 @@ import {
 import { describe, expect, it } from 'vitest';
 
 describe('normalizeHeaderName', () => {
-  it('returns "Authorization" as-is', () => {
+  it('returns "Authorization" for case-insensitive match', () => {
     expect(normalizeHeaderName('Authorization')).toBe('Authorization');
-  });
-
-  it('normalizes case-insensitive "authorization" to "Authorization"', () => {
     expect(normalizeHeaderName('authorization')).toBe('Authorization');
     expect(normalizeHeaderName('AUTHORIZATION')).toBe('Authorization');
     expect(normalizeHeaderName('AuThOrIzAtIoN')).toBe('Authorization');
   });
 
-  it('returns full header name with canonical prefix when prefix already present', () => {
-    const fullHeader = 'X-Amzn-Bedrock-AgentCore-Runtime-Custom-MyHeader';
-    expect(normalizeHeaderName(fullHeader)).toBe(fullHeader);
-  });
-
-  it('normalizes prefix casing to canonical form', () => {
-    expect(normalizeHeaderName('x-amzn-bedrock-agentcore-runtime-custom-MyHeader')).toBe(
-      'X-Amzn-Bedrock-AgentCore-Runtime-Custom-MyHeader'
+  it('returns other headers as-is without prefixing', () => {
+    expect(normalizeHeaderName('MyHeader')).toBe('MyHeader');
+    expect(normalizeHeaderName('X-Custom-Signature')).toBe('X-Custom-Signature');
+    expect(normalizeHeaderName('X-Api-Key')).toBe('X-Api-Key');
+    expect(normalizeHeaderName('X-Amzn-Bedrock-AgentCore-Runtime-Custom-Foo')).toBe(
+      'X-Amzn-Bedrock-AgentCore-Runtime-Custom-Foo'
     );
-    expect(normalizeHeaderName('X-AMZN-BEDROCK-AGENTCORE-RUNTIME-CUSTOM-MyHeader')).toBe(
-      'X-Amzn-Bedrock-AgentCore-Runtime-Custom-MyHeader'
-    );
-  });
-
-  it('auto-prefixes a bare suffix like "MyHeader"', () => {
-    expect(normalizeHeaderName('MyHeader')).toBe('X-Amzn-Bedrock-AgentCore-Runtime-Custom-MyHeader');
-  });
-
-  it('auto-prefixes suffix with hyphens like "My-Custom-Header"', () => {
-    expect(normalizeHeaderName('My-Custom-Header')).toBe('X-Amzn-Bedrock-AgentCore-Runtime-Custom-My-Custom-Header');
   });
 });
 
@@ -50,18 +34,14 @@ describe('parseAndNormalizeHeaders', () => {
     expect(parseAndNormalizeHeaders('  ,  , ')).toEqual([]);
   });
 
-  it('splits comma-separated and normalizes', () => {
-    const result = parseAndNormalizeHeaders('MyHeader, authorization, Another-Header');
-    expect(result).toEqual([
-      'X-Amzn-Bedrock-AgentCore-Runtime-Custom-MyHeader',
-      'Authorization',
-      'X-Amzn-Bedrock-AgentCore-Runtime-Custom-Another-Header',
-    ]);
+  it('splits comma-separated headers', () => {
+    const result = parseAndNormalizeHeaders('X-Custom-Signature, authorization, X-Api-Key');
+    expect(result).toEqual(['X-Custom-Signature', 'Authorization', 'X-Api-Key']);
   });
 
-  it('deduplicates after normalization', () => {
-    const result = parseAndNormalizeHeaders('MyHeader, X-Amzn-Bedrock-AgentCore-Runtime-Custom-MyHeader');
-    expect(result).toEqual(['X-Amzn-Bedrock-AgentCore-Runtime-Custom-MyHeader']);
+  it('deduplicates case-insensitively keeping first occurrence', () => {
+    const result = parseAndNormalizeHeaders('My-Header, MY-HEADER, my-header');
+    expect(result).toEqual(['My-Header']);
   });
 
   it('deduplicates case-insensitive Authorization', () => {
@@ -70,12 +50,8 @@ describe('parseAndNormalizeHeaders', () => {
   });
 
   it('trims whitespace around values', () => {
-    const result = parseAndNormalizeHeaders('  MyHeader  ,  authorization  ,  Another-Header  ');
-    expect(result).toEqual([
-      'X-Amzn-Bedrock-AgentCore-Runtime-Custom-MyHeader',
-      'Authorization',
-      'X-Amzn-Bedrock-AgentCore-Runtime-Custom-Another-Header',
-    ]);
+    const result = parseAndNormalizeHeaders('  X-Custom  ,  X-Api-Key  ');
+    expect(result).toEqual(['X-Custom', 'X-Api-Key']);
   });
 });
 
@@ -85,34 +61,52 @@ describe('validateHeaderAllowlist', () => {
     expect(validateHeaderAllowlist('   ')).toEqual({ success: true });
   });
 
-  it('returns success for valid custom header suffix', () => {
-    expect(validateHeaderAllowlist('MyHeader')).toEqual({ success: true });
-  });
-
-  it('returns success for valid full header name', () => {
-    expect(validateHeaderAllowlist('X-Amzn-Bedrock-AgentCore-Runtime-Custom-MyHeader')).toEqual({ success: true });
+  it('returns success for valid custom headers', () => {
+    expect(validateHeaderAllowlist('X-Custom-Signature')).toEqual({ success: true });
+    expect(validateHeaderAllowlist('X-Api-Key')).toEqual({ success: true });
+    expect(validateHeaderAllowlist('My_Header')).toEqual({ success: true });
   });
 
-  it('returns success for "Authorization"', () => {
+  it('returns success for Authorization', () => {
     expect(validateHeaderAllowlist('Authorization')).toEqual({ success: true });
     expect(validateHeaderAllowlist('authorization')).toEqual({ success: true });
   });
 
+  it('returns success for the legacy prefix', () => {
+    expect(validateHeaderAllowlist('X-Amzn-Bedrock-AgentCore-Runtime-Custom-Foo')).toEqual({ success: true });
+  });
+
   it('returns success for mixed valid headers', () => {
-    expect(validateHeaderAllowlist('Authorization, MyHeader, X-Amzn-Bedrock-AgentCore-Runtime-Custom-Another')).toEqual(
-      { success: true }
-    );
+    expect(validateHeaderAllowlist('Authorization, X-Custom-Signature, X-Api-Key')).toEqual({ success: true });
+  });
+
+  it('returns error for x-amz- prefix', () => {
+    const result = validateHeaderAllowlist('x-amz-security-token');
+    expect(result.success).toBe(false);
+    expect(result.error).toContain('x-amz-');
+  });
+
+  it('returns error for x-amzn- prefix without allowed exception', () => {
+    const result = validateHeaderAllowlist('x-amzn-something');
+    expect(result.success).toBe(false);
+    expect(result.error).toContain('x-amzn-');
+  });
+
+  it('returns error for restricted headers', () => {
+    const result = validateHeaderAllowlist('Content-Type');
+    expect(result.success).toBe(false);
+    expect(result.error).toContain('restricted');
   });
 
   it('returns error when exceeding max 20 headers', () => {
-    const headers = Array.from({ length: 21 }, (_, i) => `Header${i}`).join(', ');
+    const headers = Array.from({ length: 21 }, (_, i) => `X-Header-${i}`).join(', ');
     const result = validateHeaderAllowlist(headers);
     expect(result.success).toBe(false);
     expect(result.error).toContain('20');
   });
 
   it('returns success for exactly 20 headers', () => {
-    const headers = Array.from({ length: 20 }, (_, i) => `Header${i}`).join(', ');
+    const headers = Array.from({ length: 20 }, (_, i) => `X-Header-${i}`).join(', ');
     expect(validateHeaderAllowlist(headers)).toEqual({ success: true });
   });
 
@@ -127,20 +121,24 @@ describe('validateHeaderAllowlist', () => {
     expect(result.success).toBe(false);
     expect(result.error).toContain('Invalid header name');
   });
+
+  it('allows underscores in header names', () => {
+    expect(validateHeaderAllowlist('My_Custom_Header')).toEqual({ success: true });
+  });
 });
 
 describe('parseHeaderFlag', () => {
   it('parses "Key: Value" format', () => {
-    expect(parseHeaderFlag('MyHeader: some-value')).toEqual({
-      name: 'X-Amzn-Bedrock-AgentCore-Runtime-Custom-MyHeader',
-      value: 'some-value',
+    expect(parseHeaderFlag('X-Custom-Signature: sha256=abc123')).toEqual({
+      name: 'X-Custom-Signature',
+      value: 'sha256=abc123',
     });
   });
 
   it('parses "Key:Value" format without space', () => {
-    expect(parseHeaderFlag('MyHeader:some-value')).toEqual({
-      name: 'X-Amzn-Bedrock-AgentCore-Runtime-Custom-MyHeader',
-      value: 'some-value',
+    expect(parseHeaderFlag('X-Api-Key:my-key')).toEqual({
+      name: 'X-Api-Key',
+      value: 'my-key',
     });
   });
 
@@ -151,7 +149,7 @@ describe('parseHeaderFlag', () => {
     });
   });
 
-  it('normalizes header names', () => {
+  it('normalizes Authorization casing', () => {
     expect(parseHeaderFlag('authorization: token')).toEqual({
       name: 'Authorization',
       value: 'token',
@@ -167,18 +165,18 @@ describe('parseHeaderFlag', () => {
   });
 
   it('trims whitespace from key and value', () => {
-    expect(parseHeaderFlag('  MyHeader  :  some-value  ')).toEqual({
-      name: 'X-Amzn-Bedrock-AgentCore-Runtime-Custom-MyHeader',
+    expect(parseHeaderFlag('  X-Custom  :  some-value  ')).toEqual({
+      name: 'X-Custom',
       value: 'some-value',
     });
   });
 });
 
 describe('parseHeaderFlags', () => {
   it('parses multiple headers', () => {
-    const result = parseHeaderFlags(['MyHeader: value1', 'Authorization: Bearer token']);
+    const result = parseHeaderFlags(['X-Custom-Signature: value1', 'Authorization: Bearer token']);
     expect(result).toEqual({
-      'X-Amzn-Bedrock-AgentCore-Runtime-Custom-MyHeader': 'value1',
+      'X-Custom-Signature': 'value1',
       Authorization: 'Bearer token',
     });
   });
@@ -188,9 +186,9 @@ describe('parseHeaderFlags', () => {
   });
 
   it('last value wins for duplicate keys', () => {
-    const result = parseHeaderFlags(['MyHeader: first', 'MyHeader: second']);
+    const result = parseHeaderFlags(['X-Custom: first', 'X-Custom: second']);
     expect(result).toEqual({
-      'X-Amzn-Bedrock-AgentCore-Runtime-Custom-MyHeader': 'second',
+      'X-Custom': 'second',
     });
   });