Signature computation seems to have changed in 7.x.x

I have…

I’m submitting a…

  • [ ] Regression (a behavior that stopped working in a new release)
  • [ ] Bug report
  • [ ] Performance issue
  • [x] Documentation issue or request

Current behavior

After upgrading to 7+ it seems that the transmitted request body is formatted differently when looking at the logs of my rule triggering a webhook. This isn’t a problem in general, but it seems that this also impacts the computation of the signature. I had to change my computation when reading the request body from JSON.stringify(body) to JSON.stringify(body,null,2) to take the indentation into account.

Expected behavior

I am not sure if this is a bug or not - it still works as expected if you know that change. But it could potentially break a lot of existing implementations not being aware of it. And I had a hard time to find out what’s going on. I just tried it out because I read that the JSON serialisation changed in 7.x.x and wanted to give it a try.

Minimal reproduction of the problem

Simply create a webhook rule and make use of shared secret.

Environment

App Name:

  • [x] Self hosted with docker
  • [ ] Self hosted with IIS
  • [ ] Self hosted with other version
  • [ ] Cloud version

Version: 7.4.0

Browser:

  • [ ] Chrome (desktop)
  • [ ] Chrome (Android)
  • [ ] Chrome (iOS)
  • [ ] Firefox
  • [ ] Safari (desktop)
  • [ ] Safari (iOS)
  • [ ] IE
  • [ ] Edge

Others:

This was discussed here: JSON in webhook signature missmatch

Sorry for reopening and thanks for the quick response!

1 Like