Facilitate the extension developer to configure specific headers and parameters to be shared with the action

[malithie]

Is your suggestion related to an experience ? Please describe. When it comes to extension points it's quite common to rely on additional headers, parameters that incorporates to the request of the respective flow that get engages in the extension. But allowing any header or parameter is quite risky as those headers and parameters may include sensitive data, PIIs, or may reveal internal infrastructure details.

There's an improvement incorporated to exclude such specific headers and parameters to be shared with actions at server level. On top of that, it's good if we can let the extension developer to pick exact headers and params that he wants to share with the extension that are not excluded from the server level. Then it's done knowingly based on the requirement still adhering to overall server level safeguards applied.

Describe the improvement

• For a particular action facilitate configuring headers and parameters to be shared with action endpoint that implements the extension