Closed greenpau closed 2 years ago
It doesn't appear that you actually validate X-Hub-Signature-256
?
@QuLogic , want to put a fix? :-)
It doesn't appear that you actually validate X-Hub-Signature-256
Reopening it.
Will address the signature validation via https://github.com/greenpau/caddy-git/issues/11
Per @joeworkman,
Add Caddyfile directive:
When a request comes via API endpoint, inspect the header and authorize based on the presence of the webhook header and secret.