Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow additional headers to be part of the signature payload #643

Open
jacobweinstock opened this issue Jun 9, 2023 · 0 comments · May be fixed by #644
Open

Allow additional headers to be part of the signature payload #643

jacobweinstock opened this issue Jun 9, 2023 · 0 comments · May be fixed by #644
Labels
enhancement

Comments

@jacobweinstock
Copy link

Hello, thanks for the great tool!

I am interested in adding a new feature. The feature would allow for concatenating additional header values to the request body in order to create the signature payload for the payload-hmac-sha1, payload-hmac-sha256, payload-hmac-sha512 match rules. This feature would allow for greater flexibility in the composition of the signature payload.

This is especially useful when implementing relay prevention. A timestamp header can be included in the signature payload and then the execute-command can confidently use the timestamp header to validate if requests have been sent recently and reduce the risk of message replays.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use additional headers in the signature payload: jacobweinstock/webhook
2 participants
@moorereason @jacobweinstock