Signature error involving email params
koders opened this issue · comments
There is an issue with signature creation for requests involving emails (subaccount requests).
The query params are encoded and then the signature is created from encoded query, but for the signature to be correct, it has to be created on decoded query, and encoded after signature is created.
email=xxx%40xxx.com
this is encoded, and therefore creates wrong signature, so we need to decode it, when creating the signature.
I encountered this only for emails in params, but could also happen in other cases
There is a simple fix to it by replacing query
with decodeURIComponent(query)
on line 331 when creating signature under signedRequest
method.