recurly / recurly-client-ruby

A Ruby API wrapper for Recurly
https://developers.recurly.com
MIT License
180 stars 128 forks source link

Signature Verification: Exactly One Should Match #913

Open StevenXL opened 3 months ago

StevenXL commented 3 months ago

Describe the bug

Recurly documentation indicates that, for a webhook notification to be valid, exactly one signature should match. The code at here would allow for any number of matches.