Update request header signature to validate against SHA-256

mreinstein / alexa-verifier

✓ Verify HTTP requests sent to an Alexa skill are sent from Amazon

MIT License

76 stars 23 forks source link

Update request header signature to validate against SHA-256 #68

Closed tejashah88 closed 9 months ago

tejashah88 commented 1 year ago

Referencing from here, Amazon as of March 2022 recommends verifying the header's Signature-256 against the SHA-256 hash of the request body, as documented here.

Might also be worth revisiting the checklist to make sure this module is up-to-date for such checks.