Closed artfulrobot closed 4 years ago
You can download 1.9.2beta to test this https://github.com/artfulrobot/uk.artfulrobot.civicrm.gocardless/releases/tag/1.9.2beta (note that the release includes some other changes, too)
Should you need to downgrade, you can just replace the code with the 1.9.1 version again as there are no one-way changes made oops, there are one-way changes made. However, these are unlikely to affect you, and you would still be able to downgrade.
Contrary to the engineer's response on twitter, I go this from GoCardless today:
Webhook headers will not be affected by this change.
It's only the http headers on our API responses (i.e. when you send us a request) that are affected.
Which means that the HTTP headers thing is nothing to worry about - you don't need to upgrade to 1.9.2beta2, although if you have, there's no need to downgrade either.
I'll keep this commit in, as it does no harm and should they ever decide to send "webhook-signature" or "WeBHoOk-SiGNatURe" it will still work!
Closing this issue.
Everybody is receiving this email from GC:
I don't think this is anything to worry about - assuming response headers being case insensitive is handled by guzzle (which is used by GoCardless's own code). The only other place we look at headers is in processing webhooks. This is fixed by https://github.com/artfulrobot/uk.artfulrobot.civicrm.gocardless/commit/255e1e919042e727ac2e53285077423c1d7a2d72
Nb. GC uses guzzle 6.0+ but CiviCRM has already brought in guzzle 6.3+, so I think that should be fine.
GoCardless docs at here and here are still referring to
Webhook-Signature
but they have confirmed this is wrong and that they will update these