When sending data to a remote URL, the app essentially works as a web-hook. It would be nice if some integrity mechanism was added. Simplest being some kind of hmac('sha-256', secret, payload) put into a header.
The secret field should be configurable. This way the server can validate the authenticity of the payload and not simply expose an endpoint where anyone with the knowledge of the URL can write bogus data to.
Hello,
When sending data to a remote URL, the app essentially works as a web-hook. It would be nice if some integrity mechanism was added. Simplest being some kind of
hmac('sha-256', secret, payload)
put into a header.The
secret
field should be configurable. This way the server can validate the authenticity of the payload and not simply expose an endpoint where anyone with the knowledge of the URL can write bogus data to.