Skip to content

Switch incoming webhook shared secret to use Post data instad of query parameters #1093

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
chmouel opened this issue Dec 22, 2022 · 1 comment · May be fixed by #2100
Open

Switch incoming webhook shared secret to use Post data instad of query parameters #1093

chmouel opened this issue Dec 22, 2022 · 1 comment · May be fixed by #2100
Labels
bug Something isn't working

Comments

@chmouel
Copy link
Member

chmouel commented Dec 22, 2022

it's probably not super secure, cf:
@sm43
Copy link
Contributor

sm43 commented May 30, 2023
edited
Loading

we pass secret name right? and not the actual secret
but yeah not secure anyway .

@chmouel chmouel added the bug Something isn't working label May 22, 2025
chmouel added a commit to chmouel/pipelines-as-code that referenced this issue May 22, 2025
@chmouel
feat: Add JSON body support for incoming webhook parameters
fd51934 
* Implemented support for passing incoming webhook parameters in the JSON
request body.
* Marked the legacy method using URL query parameters for secrets as insecure.
* Added a warning log when the legacy method is detected.
* Updated documentation to describe the new recommended method and the
deprecated legacy method.
* Updated end-to-end tests to cover both legacy and new methods.

Fixes openshift-pipelines#1093
JIRA: https://issues.redhat.com/browse/SRVKP-7678

Signed-off-by: Chmouel Boudjnah <[email protected]>
@chmouel chmouel linked a pull request May 22, 2025 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: Add JSON body support for incoming webhook parameters chmouel/pipelines-as-code
2 participants
@chmouel @sm43