Skip to content

Case of X-Hub-Signature-256 header is incorrect in "Securing your webhooks" topic #20134

Description

Code of Conduct

What article on docs.github.com is affected?

"Securing your webhooks" https://docs.github.com/en/developers/webhooks-and-events/webhooks/securing-your-webhooks

What part(s) of the article would you like to see updated?

The HTTP headers that holds the request signature is given as X-Hub-Signature-256. It is actually sent by GitHub as x-hub-signature-256. In some environments, case matters. (In the Ruby example given, it doesn't matter, because the value is accessed through an Apache HTTP environment variable where the name gets mangled into all uppercase.)

My webhook is an AWS Lambda function and the headers are provided as part of the JSON event record, so I had to log the headers to see what the actual casing was when the documented header name didn't work.

Additional information

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    contentThis issue or pull request belongs to the Docs Content team

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions