You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When creating a New GitHub Application via https://github.com/settings/apps/new
we are given the option to add a Webhook Secret:
While the Webhook Secret is "optional", I feel it would add good "security layer" to our app.
Otherwise anyone can "spoof" a webhook POST request to our app and make an "edit" to someone else's issue.
Yes, this would be "non-destructive" because the "single-source-of-truth" is still GitHub.
But if the person made multiple "malicious" edits they could create quite a lot of spam/noise.
I don't think we need to do this "urgently" while we are using the app internally,
but as soon as it's public we should consider adding this layer of protection.
When creating a New GitHub Application via https://github.com/settings/apps/new
we are given the option to add a
Webhook Secret
:While the
Webhook Secret
is "optional", I feel it would add good "security layer" to our app.Otherwise anyone can "spoof" a webhook
POST
request to our app and make an "edit" to someone else's issue.I don't think we need to do this "urgently" while we are using the app internally,
but as soon as it's
public
we should consider adding this layer of protection.How would this work in our Elixir/Phoenix App?
The
ruby
code in the docs: https://developer.github.com/webhooks/securingshould be fairly easy to "translate" to Elixir.
The text was updated successfully, but these errors were encountered: