Open charlie-s opened 10 years ago
I think it would be smart to generate the HMAC of the request body using the secret key that's set when configuring the webhook and compare it with the X-Hub-Signature header that GitHub sends in the request.
:+1:
I think it would be smart to generate the HMAC of the request body using the secret key that's set when configuring the webhook and compare it with the X-Hub-Signature header that GitHub sends in the request.