Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add X-Hub-Signature header to webhook deliveries #7788

Closed
BenLubar opened this issue Aug 7, 2019 · 1 comment · Fixed by #16176
Closed

Add X-Hub-Signature header to webhook deliveries #7788

BenLubar opened this issue Aug 7, 2019 · 1 comment · Fixed by #16176
Labels
type/proposal The new feature has not been accepted yet but needs to be discussed first.

Comments

@BenLubar
Copy link

BenLubar commented Aug 7, 2019

The format is sha1= followed by a hex SHA1-HMAC made in the same way as the current sha256 Gitea generates for its own signature header.
@lunny lunny added the type/proposal The new feature has not been accepted yet but needs to be discussed first. label Aug 8, 2019
@rafelbev rafelbev mentioned this issue Oct 11, 2019
Closed
@lunny lunny added this to the 1.11.0 milestone Oct 14, 2019
@withlin withlin mentioned this issue Oct 14, 2019
Closed
@techknowlogick techknowlogick modified the milestones: 1.11.0, 1.x.x Dec 12, 2019
@alexanderadam alexanderadam mentioned this issue Mar 1, 2020
Open
This was referenced May 26, 2020
Closed
Open
@coolaj86
Copy link
Contributor

@techknowlogick @lunny This is something that I may be able to take on.

It looks like the Signature field is currently pre-computed, but could probably be omitted from structs and storage and computed as-needed from the PayloadContent as to support multiple signature types.

This was referenced Jun 8, 2021
Open
Closed
@KN4CK3R KN4CK3R mentioned this issue Jun 16, 2021
Merged
zeripath added a commit that referenced this issue Jun 27, 2021
@KN4CK3R @zeripath
Refactor Webhook + Add X-Hub-Signature (#16176)
9b1b4b5 
This PR removes multiple unneeded fields from the `HookTask` struct and adds the two headers `X-Hub-Signature` and `X-Hub-Signature-256`.

## ⚠️ BREAKING ⚠️ 

* The `Secret` field is no longer passed as part of the payload.
* "Breaking" change (or fix?): The webhook history shows the real called url and not the url registered in the webhook (`deliver.go`@129).

Close #16115
Fixes #7788
Fixes #11755

Co-authored-by: zeripath <[email protected]>
@lunny lunny removed this from the 1.x.x milestone Aug 8, 2021
AbdulrhmnGhanem pushed a commit to kitspace/gitea that referenced this issue Aug 10, 2021
@KN4CK3R @zeripath @AbdulrhmnGhanem
Refactor Webhook + Add X-Hub-Signature (go-gitea#16176)
c50e175 
This PR removes multiple unneeded fields from the `HookTask` struct and adds the two headers `X-Hub-Signature` and `X-Hub-Signature-256`.

## ⚠️ BREAKING ⚠️ 

* The `Secret` field is no longer passed as part of the payload.
* "Breaking" change (or fix?): The webhook history shows the real called url and not the url registered in the webhook (`deliver.go`@129).

Close go-gitea#16115
Fixes go-gitea#7788
Fixes go-gitea#11755

Co-authored-by: zeripath <[email protected]>
@go-gitea go-gitea locked and limited conversation to collaborators Oct 19, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
type/proposal The new feature has not been accepted yet but needs to be discussed first.
Projects
None yet
Milestone
No milestone
4 participants
@lunny @coolaj86 @techknowlogick @BenLubar