Bug report

GithubWehook does not validate the event's `X-Hub-Signature` value, which provides authentication of incoming messages.
It's a security issue: currently this webhook accepts any incoming events.

Expected behaviour:

Get the `secret` (that's shared with GitHub) from the config file and use it to verify the authenticity of incoming events. GitHub documentation.
I agree. In the meantime you can have some security via obscurity by exposing a path like /github_SefWup5ob.
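One way to implement the check the report asks for, as an added example that is not the project's own code: GitHub sends `X-Hub-Signature` as `sha1=` followed by the hex HMAC-SHA1 of the raw request body, keyed with the shared secret. The function names, the secret and the payload below are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values; a real handler reads the secret from its config file.
SECRET = b"constructed-example-secret"
BODY = b'{"action":"opened","number":1}'


def sign_payload(secret: bytes, body: bytes) -> str:
    """Header value the sender attaches: 'sha1=' + hex HMAC-SHA1 of the raw body."""
    return "sha1=" + hmac.new(secret, body, hashlib.sha1).hexdigest()


def verify_signature(secret: bytes, body: bytes, header_value) -> bool:
    """Return True only if header_value authenticates body under secret."""
    if not secret or not header_value:
        return False  # fail closed: no configured secret or unsigned request
    scheme, sep, received = header_value.partition("=")
    if sep != "=" or scheme != "sha1":
        return False  # malformed header or unexpected algorithm prefix
    expected = hmac.new(secret, body, hashlib.sha1).hexdigest()
    # Constant-time comparison on bytes avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode("ascii"),
                               received.encode("utf-8", "replace"))


def handle_delivery(headers: dict, body: bytes, secret: bytes):
    """Hypothetical handler: verify before parsing or acting on the event."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    if not verify_signature(secret, body, lowered.get("x-hub-signature")):
        return 403, "invalid signature"
    return 200, "accepted"


if __name__ == "__main__":
    signed = {"X-Hub-Signature": sign_payload(SECRET, BODY)}
    print(handle_delivery(signed, BODY, SECRET))         # genuine delivery
    print(handle_delivery(signed, BODY + b" ", SECRET))  # body altered in transit
    print(handle_delivery({}, BODY, SECRET))             # unsigned request
```

The signature must be computed over the exact bytes received, before any JSON decoding or re-serialisation, or genuine deliveries will fail verification.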