You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
When creating a webhook, the "Secret" field is optional and blank by default:
In most cases, this will be fine. However, a more secure default would be to generate a random secret directly from the browser. There's really no reason to ever use unsigned webhooks - if users don't care about the signature, they can choose to not verify it.
Describe the solution you'd like.
Generate random webhook secrets directly when configuring them. Add an option to regenerate a secret if it needs to be changed.
Potentially, do not allow blank webhook secrets entirely.
Describe alternatives you've considered
🤷
Additional context
No response
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
When creating a webhook, the "Secret" field is optional and blank by default:
In most cases, this will be fine. However, a more secure default would be to generate a random secret directly from the browser. There's really no reason to ever use unsigned webhooks - if users don't care about the signature, they can choose to not verify it.
Describe the solution you'd like.
Generate random webhook secrets directly when configuring them. Add an option to regenerate a secret if it needs to be changed.
Potentially, do not allow blank webhook secrets entirely.
Describe alternatives you've considered
🤷
Additional context
No response
The text was updated successfully, but these errors were encountered: