Bitbucket webhook: missing signature #474
Labels
Comments
|
In fact it's the webhook "test-connection" feature that don't send any "X-Hub-Signature" even if we set a webhooksecret. |
|
So the other events are fine and send the signature? |
|
As far as I tested (PR created/modified) i confirm the x-hub-signature is present with all other events yes. I also did a quick test with the latest version of bitbucket server (6.0.0). Here's the headers sent in the request of the test (With webhook secret set) Still no "X-Hub-Signature" header. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm using bitbucket server (no cloud edition) version 5.6.2.
The atlantis server is started with the following parameter:
"--atlantis-url=http://atlantis.local:4141",
"--bitbucket-base-url=https://bitbucket.local",
"--bitbucket-webhook-secret='b8db1d572aa87921edddb772fda4c8ac54e9de80'",
"--bitbucket-user=phl",
"--bitbucket-token=Nzc0OTkxNTU1REMyOg8BHeT6dFJPKHLBvfFmJrQZzZxR",
"--repo-whitelist=*"
When i test the webhook i got this response (body):
request did not pass validation: missing signature
The request headers sent by the webhook of my bitbucket currently installed is:
X-Request-Id: d872ad25-24fe-4278-a73a-2a10ed6b653d
X-Event-Key: diagnostics:ping
As we can see the "X-Hub-Signature" is missing. And this is used for the validation here:
https://github.com/runatlantis/atlantis/blob/v0.4.15/server/events_controller.go#L173
The text was updated successfully, but these errors were encountered: