Validation issue with example_webhook_test.go
tjdavis3 opened this issue · comments
Todd Davis commented
In the go example there is a very high probability that it will fail validation. In the following line the signature is created using time.Now()
. However, the header is set in line 42 using ts.Unix()
and ts was created at the top of the function (also using time.Now()). The difference may be in the milliseconds range, but it could be enough to cause a validation failure. The correct way to do it would be to use the ts
value when creating the signature.
Jorge commented
That's a very valid point. A millisecond drift could make this validation fail.