-
Notifications
You must be signed in to change notification settings - Fork 237
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
gitea push hook secret comes from the payload not a form #34
Comments
The secret was deprecated in favor of using the hmac signature in the header to verify authenticity. One of the gitea maintainers recently submitted a pull request to support hmac verification, with a fallback to reading the secret. See #24. |
fix: add support for get PRs to bitbucket cloud
Can we close this issue? |
I think this remains an open issue. The secret should come from the payload, but the current implementation gets the value from a URL query parameter (via |
But the secret had been deprecated in favor of the hmac signature? |
just tried gitea's push webhook handling and it looks like the secret comes in via the json payload rather than via a form.
PR on its way...
The text was updated successfully, but these errors were encountered: