You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The current signature of Parse(secret, req) assumes that the secret will be known prior to parsing, which might not be the case if (e.g.) a webhook is servicing requests from multiple origins with individually configured secrets. In this case, it would be useful to have both a New(req) method for extracting the inbound request into a Hook and a Verify(hook, secret) method so that the hook can be provisionally extracted and inspected before verification takes place.
The text was updated successfully, but these errors were encountered:
rjz
added a commit
that referenced
this issue
Aug 5, 2016
Separating `Parse` into separate `New` and `SignedBy` methods will allow
consumers to provisionally extract hook content from an HTTP request
(via `New`) before verifyingt that the hook signature meets
expectations.
rjz
added a commit
that referenced
this issue
Aug 5, 2016
The current signature of
Parse(secret, req)
assumes that the secret will be known prior to parsing, which might not be the case if (e.g.) a webhook is servicing requests from multiple origins with individually configured secrets. In this case, it would be useful to have both aNew(req)
method for extracting the inbound request into aHook
and aVerify(hook, secret)
method so that the hook can be provisionally extracted and inspected before verification takes place.The text was updated successfully, but these errors were encountered: