[zanata-bugs] [Bug 1213630] Webhook header needs to include cryptographic signature in header for identification.
bugzilla at redhat.com
bugzilla at redhat.com
Thu Jun 18 19:06:24 UTC 2015
https://bugzilla.redhat.com/show_bug.cgi?id=1213630
--- Comment #1 from Ralph Bean <rbean at redhat.com> ---
Just to clarify, we can't actually use the webhooks feature in Fedora
Infrastructure unless this is implemented.
If anyone used the webhooks feature, there is no way currently to verify that
the POST actually comes from zanata.org, and so they would be wide open to
abuse.
It would be quite convenient if zanata signed their messages in the same way or
in a similar way that github.com does.
https://developer.github.com/webhooks/securing/#validating-payloads-from-github
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=HQboxMZaTU&a=cc_unsubscribe
More information about the zanata-bugs
mailing list