Fix header validation per RFC 7230 and add null check

Address Copilot AI feedback:
- Remove underscore support from header names (RFC 7230 compliance)
- Add explicit null check for JSON parsing
- Update validation regex to /^[A-Za-z0-9-]+$/
- Add test case for null value handling
- Update documentation to clarify header name requirements

Changes:
- Header names now only accept alphanumeric characters and hyphens
- Improved error messages for invalid headers
- Added test for null JSON input
- Updated APIM example tests

All 81 tests passing.
Yonatan Golick
2026-01-18 11:35:18 +02:00
parent 6d144ac474
commit ce720b3d0c
5 changed files with 29 additions and 15 deletions
@@ -200,6 +200,8 @@ steps:
- **Observability**: Add metadata for logging, monitoring, and debugging
- **Routing**: Control request routing through custom gateways or load balancers
**Header name requirements**: Header names must contain only alphanumeric characters and hyphens (following RFC 7230). Underscores and other special characters are not allowed.
**Security note**: Always use GitHub secrets for sensitive header values like API keys, tokens, or passwords. The action automatically masks common sensitive headers (containing `key`, `token`, `secret`, `password`, or `authorization`) in logs.
### GitHub MCP Integration (Model Context Protocol)
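Review bot: the added "Header name requirements" sentence presents the alphanumeric-and-hyphen rule as "following RFC 7230", but RFC 7230 defines a field name as a token, and the token character set includes the underscore and several other punctuation characters, so this rule is a stricter subset of the RFC rather than something the RFC requires. Suggest rewording to "Header names must contain only alphanumeric characters and hyphens (a stricter subset of the RFC 7230 token syntax)" and adding a short reason for rejecting underscores, so a user whose gateway expects such a header reads this as a deliberate restriction and not a bug. The neighbouring security note describes masking by substring of the header name; it would help to say in the same place that a sensitive header whose name contains none of those words is not masked automatically.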