Skip to content

Ability to require a specific header to accept incoming webhook. #24270

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
greatestusername opened this issue Jul 14, 2023 · 4 comments
Closed

Ability to require a specific header to accept incoming webhook. #24270

greatestusername opened this issue Jul 14, 2023 · 4 comments
Labels
enhancement New feature or request receiver/webhookevent

Comments

@greatestusername
Copy link
Contributor

greatestusername commented Jul 14, 2023
edited
Loading

Component(s)

receiver/webhookevent

Is your feature request related to a problem? Please describe.

Use Case:
Many webhooks send along an HTTP header to pass a secret/token. For example GitLab uses the token X-GitLab-Token.

Describe the solution you'd like

Allow an optional config setting in the webhook receiver to add a header that must be matched before accepting the incoming connection.

Essentially a config like:

receivers:
  webhookevent:
    endpoint: 0.0.0.0:9444
    path: "/event"
    required_header: "
      key: "X-Gitlab-Token"
      value: "blahblahblah"

Any requests to the webhook receiver that do not have that required header would be returned a 401

Describe alternatives you've considered

Possible some integrations would want to send a token in the query param but headers is most common.

Additional context

No response
@greatestusername greatestusername added enhancement New feature or request needs triage New item requiring triage labels Jul 14, 2023
@github-actions
Copy link
Contributor

Pinging code owners:

See Adding Labels via Comments if you do not have permissions to add labels yourself.

@greatestusername
Copy link
Contributor Author

I have working code and tests for this if @atoulme / @shalper2 would like to sponsor the addition.

@shalper2
Copy link
Contributor

I would be more than happy to sponsor this

@greatestusername greatestusername mentioned this issue Jul 24, 2023
Merged
dmitryax pushed a commit that referenced this issue Aug 3, 2023
@greatestusername
[receiver/webhook] Option to add a required header (#24452)
84f3677 
**Description:** 
Adding a feature - Allow option of adding a required header for incoming
webhook requests. If header doesn't match, returns a 401.

**Link to tracking Issue:**
[<24270>](#24270)
@atoulme
Copy link
Contributor

atoulme commented Aug 28, 2023

I believe the work here is complete, thanks @greatestusername !

@atoulme atoulme closed this as completed Aug 28, 2023
@atoulme atoulme removed the needs triage New item requiring triage label Aug 28, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request receiver/webhookevent
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@atoulme @greatestusername @shalper2