adnanh
commented
10 months ago Better late than never, I guess 😄
Open peterwwillis opened 10 months ago
adnanh
commented
10 months ago Better late than never, I guess 😄
Bitbucket have finally decided to support secrets for webhooks: https://bitbucket.org/blog/enhanced-webhook-security
I'm not sure if there's code that needs updating, but these docs on Bitbucket could probably use updating: https://github.com/adnanh/webhook/blob/master/docs/Hook-Examples.md#incoming-bitbucket-webhook
Confusing matters is the fact that Bitbucket's
X-Hub-Signatureheader is using a SHA256 hash, whereas both GitHub's and Facebook'sX-Hub-Signatureis SHA1, while their headerX-Hub-Signature-256is SHA256. You'd think after six years they'd want parity with other vendors... but better incompatible than unavailable, I guess 😐