Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Content-Type header application/json to webhook requests #1947

Open
donstephan opened this issue Aug 2, 2024 · 1 comment
Open

Add Content-Type header application/json to webhook requests #1947

donstephan opened this issue Aug 2, 2024 · 1 comment
Assignees
Labels
enhancement needs triage Waiting for discussion / prioritization by team

Comments

@donstephan
Copy link

Hello!

  • Vote on this issue by adding a 👍 reaction
  • If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

When webhooks are sent with step-ca, no Content-Type header is added to the request. This should be Content-Type: application/json as stated in the webhook documentation here https://smallstep.com/docs/step-ca/webhooks/#requests. For more context, here is where headers are attached to a webhook request:

func (w *Webhook) DoWithContext(ctx context.Context, client *http.Client, reqBody *webhook.RequestBody, data any) (*webhook.ResponseBody, error) {

Example headers received from a step-ca webhook:

Accept-Encoding	           gzip
Content-Length	           1810
Host	                                   xxx
User-Agent	                   Go-http-client/2.0
X-Forwarded-For	           xxx
X-Forwarded-Host	           xxx
X-Forwarded-Proto	           https
X-Request-Id	                   xxx
X-Smallstep-Signature	   xxx
X-Smallstep-Webhook-Id   xxx

Why is this needed?

This will make it easier for webhook consumers to parse the request body. This should not effect clients from validating webhook signatures properly.

Do note this could cause a issues for current webhook implementation depending on how clients are parsing the current requests. Adding the Content-Type header could cause the expected body to change if they have existing support for JSON body types.

@donstephan donstephan added enhancement needs triage Waiting for discussion / prioritization by team labels Aug 2, 2024
@hslatman hslatman self-assigned this Aug 6, 2024
@massimo-ua
Copy link

hey @hslatman @donstephan I'd love to help with that

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement needs triage Waiting for discussion / prioritization by team
Projects
None yet
Development

No branches or pull requests

3 participants