Add X-Hub-Signature header to webhook deliveries #7788

Closed
BenLubar opened this issue Aug 7, 2019 · 1 comment · Fixed by #16176
Labels
type/proposal The new feature has not been accepted yet but needs to be discussed first.

Comments


BenLubar commented Aug 7, 2019

The format is sha1= followed by a hex SHA1-HMAC made in the same way as the current sha256 Gitea generates for its own signature header.

@lunny lunny added the type/proposal The new feature has not been accepted yet but needs to be discussed first. label Aug 8, 2019
@lunny lunny added this to the 1.11.0 milestone Oct 14, 2019
@techknowlogick techknowlogick modified the milestones: 1.11.0, 1.x.x Dec 12, 2019
@coolaj86
Contributor

@techknowlogick @lunny This is something that I may be able to take on.

It looks like the Signature field is currently pre-computed, but could probably be omitted from structs and storage and computed as needed from the PayloadContent so as to support multiple signature types.

zeripath added a commit that referenced this issue Jun 27, 2021
This PR removes multiple unneeded fields from the `HookTask` struct and adds the two headers `X-Hub-Signature` and `X-Hub-Signature-256`.

## ⚠️ BREAKING ⚠️ 

* The `Secret` field is no longer passed as part of the payload.
* "Breaking" change (or fix?): The webhook history shows the real called url and not the url registered in the webhook (`deliver.go`@129).

Close #16115
Fixes #7788
Fixes #11755

Co-authored-by: zeripath <[email protected]>
@lunny lunny removed this from the 1.x.x milestone Aug 8, 2021
AbdulrhmnGhanem pushed a commit to kitspace/gitea that referenced this issue Aug 10, 2021
@go-gitea go-gitea locked and limited conversation to collaborators Oct 19, 2021
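
A receiver-side check for the two headers discussed in this thread, as an added example that is not Gitea's code or part of the original discussion. The `sha256=` prefix for `X-Hub-Signature-256` is assumed to mirror the `sha1=` form described in the issue; `hashFor`, `Sign` and `VerifyHubSignature` are hypothetical names, and the secret and body in `main` are constructed samples.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"hash"
	"strings"
)

// hashFor maps the label before "=" to a hash constructor; nil means unsupported.
func hashFor(algo string) func() hash.Hash {
	switch algo {
	case "sha1":
		return sha1.New
	case "sha256":
		return sha256.New
	}
	return nil
}

// Sign builds "<algo>=<hex HMAC>" over body; algo must be "sha1" or "sha256".
func Sign(algo string, body, secret []byte) string {
	mac := hmac.New(hashFor(algo), secret)
	mac.Write(body)
	return algo + "=" + hex.EncodeToString(mac.Sum(nil))
}

// VerifyHubSignature checks one signature header value against the raw request body.
func VerifyHubSignature(header string, body, secret []byte) bool {
	algo, hexMAC, ok := strings.Cut(header, "=")
	if !ok || hashFor(algo) == nil {
		return false // malformed value or unknown label: reject, never guess
	}
	got, err := hex.DecodeString(hexMAC)
	if err != nil {
		return false
	}
	mac := hmac.New(hashFor(algo), secret)
	mac.Write(body) // the exact bytes received, before any JSON re-encoding
	return hmac.Equal(got, mac.Sum(nil)) // constant-time comparison
}

func main() {
	secret, body := []byte("example-secret"), []byte(`{"ref":"refs/heads/main"}`) // constructed
	h := Sign("sha256", body, secret)
	fmt.Println(h, VerifyHubSignature(h, body, secret), VerifyHubSignature(h, []byte("tampered"), secret))
}
```

A receiver that accepts both headers should prefer the SHA-256 one when it is present and treat a request with no signature header as unauthenticated.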