Trigger API should not start workflow without verification

Bug #1390141 reported by Melissa Kam on 2014-11-06
This bug affects 1 person

Bug Description

A POST to an assembly's trigger URI starts the workflow regardless of the headers, body, etc. of the request. There needs to be some kind of verification because of security purposes and because GitHub automatically sends a ping to the URI whenever a webhook is created in order to test if it is a valid link. This ping triggers the assembly workflow, causing an unnecessary run.

James Li (james-li-3) wrote :

Yes, for GitHub we need to leverage the webhook secret to do the verification. Thanks for logging the bug.

Changed in solum:
status: New → Confirmed
tags: added: solum-api
Changed in solum:
importance: Undecided → High
Ashish (ashish-jain14) wrote :

How can this be created?

Ashish (ashish-jain14) on 2016-02-11
Changed in solum:
assignee: nobody → Ashish (ashish-jain14)
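
One way to implement the verification discussed in this report, as an added example that is not Solum's code: the trigger handler checks GitHub's `X-Hub-Signature-256` HMAC against the webhook secret and skips the `ping` event GitHub sends when a webhook is created. The function names, return values and sample secret are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample secret; a real deployment would use the per-webhook
# secret configured on GitHub and stored alongside the assembly.
SAMPLE_SECRET = b"constructed-example-secret"


def sign(secret: bytes, body: bytes) -> str:
    """Return the value GitHub sends in X-Hub-Signature-256 for this body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def check_trigger(headers: dict, body: bytes, secret: bytes) -> str:
    """Decide what a trigger POST may do: 'reject', 'ignore' or 'start'.

    Hypothetical helper, not a Solum function. The signature is checked
    first so unauthenticated requests never reach the event logic.
    """
    # HTTP header names are case-insensitive; normalise before lookup.
    h = {k.lower(): v for k, v in headers.items()}
    received = h.get("x-hub-signature-256", "")
    expected = sign(secret, body)  # computed over the raw request bytes
    # compare_digest keeps the comparison constant-time.
    if not hmac.compare_digest(received.encode(), expected.encode()):
        return "reject"
    # GitHub sends a 'ping' event when the webhook is created; it is
    # authentic but must not start a workflow run.
    if h.get("x-github-event") == "ping":
        return "ignore"
    return "start"


if __name__ == "__main__":
    push = b'{"ref": "refs/heads/master"}'  # constructed payload
    ping = b'{"zen": "constructed ping"}'   # constructed payload
    cases = [
        ("signed push", {"X-Hub-Signature-256": sign(SAMPLE_SECRET, push),
                         "X-GitHub-Event": "push"}, push),
        ("signed ping", {"X-Hub-Signature-256": sign(SAMPLE_SECRET, ping),
                         "X-GitHub-Event": "ping"}, ping),
        ("unsigned POST", {"X-GitHub-Event": "push"}, push),
    ]
    for name, headers, body in cases:
        print(name, "->", check_trigger(headers, body, SAMPLE_SECRET))
```

The HMAC must be computed over the request body exactly as received, before any JSON parsing or re-serialisation, or valid deliveries will fail the check.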