Warm tip: This article is reproduced from serverfault.com, please click
http http-headers security webhooks zapier

Accessing request headers with Zapier Webhook triggers

发布于 2017-09-12 13:47:18

Is there a way to retrieve HTTP Headers when using Zapier Webhook triggers? With Catch Hook and Catch Raw Hook triggers the headers doesn't seem to be available in later steps (even using a Code step).

For example with something like:

curl -H 'Content-Type: application/json' \
     -H 'x-webhook-signature: abc123!'
     POST -d '{"secret": "I am a banana"}'
     https://hooks.zapier.com/hooks/catch/123/abc/

How to read the value of x-webhook-signature value in a Zapier in or after a Webhook trigger?

This is especially important for us as the headers contains authentication information without which we cannot verify the authenticity nor the identity of the sender. It's a great security issue.

Questioner
Pierre B.
Viewed
0
分享
xavdid 2017-09-16 04:28:53

David here, from the Zapier Platform team.

Sorry to be the bearer of bad news, but this isn't something we currently support in our webhooks app. If the proxy server isn't an option, it might be possible to write a custom CLI app to catch your hooks. It has access to the incoming header and could copy that information into the body. The tricky part of that is that you no longer have the benefit of a single URL to throw hooks at - each zaps broadcasts its url when it's turned on. Success would depend on being able to capture that broadcast somewhere and adjust your data accordingly.

Again, sorry this isn't possible now. ​Let me know if you've got any other questions!

Pierre B. 2017-09-17 13:18:00

Thanks David, I'll take a look into that. Any chance you will add a this as a new feature to the Zapier Webhook trigger in the (near) future?

xavdid 2017-09-18 18:10:50

Yes indeed! I've made a note about it in or internal feature tracker. We'll probably comment here if it ever gets made (normally we take an email, but this question works fine)

mrded 2020-11-26 16:57:03

If you move a payload signature from header to the payload - the signature will change.

热门github

1
A multi-platform library for OpenGL, OpenGL ES, Vulkan, window and input
2
Dev tool that writes scalable apps from scratch while the developer oversees the implementation
3
shadcn/ui, but for Svelte. ✨
4
The Python Risk Identification Tool for generative AI (PyRIT) is an open access automation framework to empower security professionals and machine learning engineers to proactively find risks in their generative AI systems.
5
Performance-portable, length-agnostic SIMD with runtime dispatch
6
ZK Credo
7
OpenCodeInterpreter: Integrating Code Generation with Execution and Refinement
8
Joplin - the secure note taking and to-do app with synchronisation capabilities for Windows, macOS, Linux, Android and iOS.
9
Mamba is a new state space model architecture showing promising performance on information-dense data such as language modeling, where previous subquadratic models fall short of Transformers. It is based on the line of progress on structured state space models, with an efficient hardware-aware design and implementation in the spirit of FlashAttention.
10
This repository contains System Design resources which are useful while preparing for interviews and learning Distributed Systems
11
Curso para aprender el lenguaje de programación Python desde cero y para principiantes. 75 clases, 37 horas en vídeo, código, proyectos y grupo de chat. Fundamentos, frontend, backend, testing, IA...
12
🎓 Path to a free self-taught education in Computer Science!
13
1️⃣🐝🏎️ The One Billion Row Challenge -- A fun exploration of how quickly 1B rows from a text file can be aggregated with Java
14
A collective list of free APIs
15
📚 Freely available programming books