Skip to content

Implement signature verification #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
gr2m opened this issue Dec 17, 2020 · 2 comments · Fixed by #2
Closed

Implement signature verification #1

gr2m opened this issue Dec 17, 2020 · 2 comments · Fixed by #2
Labels
released

Comments

@gr2m
Copy link
Owner

gr2m commented Dec 17, 2020

The requests from GitHub are currently not verified using the signature, because the code is currently using Node's crypto package. This will be resolved once I create a universal webhook verification package, similar to universal-github-app-jwt. For the time being, you could define a secret path that that webhook requests by GitHub are sent to, in order to prevent anyone who knows your workers URL from sending fake webhook requests.
gr2m added a commit that referenced this issue Dec 17, 2020
@gr2m
docs: reference #1
f92324e
@AlCalzone AlCalzone mentioned this issue Aug 31, 2022
Merged
@gr2m gr2m closed this as completed in #2 Sep 6, 2022
@github-actions
Copy link

github-actions bot commented Sep 6, 2022

🎉 This issue has been resolved in version 1.0.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

@boredland
Copy link

Does this mean that the disclaimer in the README is kinda outdated?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
2 participants
@gr2m @boredland