sfreiberg / gotwilio

Twilio library for Go (golang).

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Supporting GET request signature validation

dsamarin opened this issue · comments

According to this code, only POST requests are supported. However, Twilio accesses fax media files using a GET request. As far as I can see and have roughly tested, simply allowing the function to continue even if its a GET request correctly validates the signature.

gotwilio/util.go

Lines 62 to 69 in 06f83df

func (twilio *Twilio) CheckRequestSignature(r *http.Request, baseURL string) (bool, error) {
if r.Method != "POST" {
return false, errors.New("Checking signatures on non-POST requests is not implemented")
}
if err := r.ParseForm(); err != nil {
return false, err
}

Browsing the Twilio documentation, it says that appending the full raw query to the URL is sufficient. Likewise, r.URL.String() includes the entire raw query. Any POST parameters are appended to that. If we call ParseForm on a GET request, the request Body is not read, and r.PostForm is initialized to a non-nil, empty value. So GenerateSignature still functions as it should.