Closed WestDiscGolf closed 6 years ago
There are no plans to support insecure requests. Further, all WebHooks receivers require a secret key (or similar configuration) and use it to confirm requests came from the intended sender.
No problem, good to know.
Question: As part of the Webhooks specification on https://developer.github.com/webhooks/securing/ it does not specify you have to use a secret value. The GithubWebhook implementation expects the signature header to exist. Are there any plans to support insecure hooks or is it expecting if using the aspnet webhook the setup has to have a secret key?
Just want clarification before I spend time looking at potential options and sending a PR :-)