mapbox/ecs-conex

Invalid signatures in GitHub payloads

Closed this issue · 1 comment

@scothis has noticed that some GitHub payloads sent when a PR is merged have been getting rejected by conex with a 403. I checked and GitHub is actually providing an incorrect signature in the POST that it sends. I've filed a support request with GitHub for this.

It is unclear if this problem is repository-specific or not, but in case anyone else encounters it, the current workaround is to push a subsequent empty commit directly to the master branch of your repo. This will fire a webhook with the correct signature.

cc @yhahn @emilymcafee @jakepruitt @emilymdubois

This appears to be caused by having emojis in commit messages or anything that shows up in the webhook payload. The signature calculation here needs to become emoji-tolerant.
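
The emoji sensitivity described in the comment above, as an added example (not code from ecs-conex or from this thread). It assumes the mismatch arises when the receiver hashes a decoded string with a single-byte encoding instead of the raw request bytes; the secret, payloads and function names are constructed for illustration, and the `sha256=` prefix follows GitHub's `X-Hub-Signature-256` header format.

```javascript
const crypto = require('crypto');

// Constructed sample data: the secret and both payloads are made up for this example.
const SECRET = 'constructed-webhook-secret';
const ASCII_BODY = Buffer.from(
  JSON.stringify({ head_commit: { message: 'Merge pull request' } }), 'utf8');
const EMOJI_BODY = Buffer.from(
  JSON.stringify({ head_commit: { message: 'Merge pull request: ship it 🎉' } }), 'utf8');

// What the sender does: HMAC over the exact bytes that go on the wire.
function senderSignature(secret, bodyBytes) {
  return 'sha256=' + crypto.createHmac('sha256', secret).update(bodyBytes).digest('hex');
}

// Constant-time comparison; check lengths first because
// crypto.timingSafeEqual throws when the buffers differ in length.
function safeEqual(a, b) {
  const x = Buffer.from(a, 'utf8');
  const y = Buffer.from(b, 'utf8');
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Emoji-intolerant (assumed failure mode): the body is decoded to a string and
// hashed with a single-byte encoding, so code units above 0xFF are truncated.
function verifyFragile(secret, bodyBytes, header) {
  const text = bodyBytes.toString('utf8');
  const mac = crypto.createHmac('sha256', secret).update(text, 'latin1').digest('hex');
  return safeEqual('sha256=' + mac, header);
}

// Emoji-tolerant: hash the raw request bytes, never a re-encoded string.
function verifyRaw(secret, bodyBytes, header) {
  if (!Buffer.isBuffer(bodyBytes) || typeof header !== 'string') return false;
  return safeEqual(senderSignature(secret, bodyBytes), header);
}

// Run both verifiers against a correctly signed ASCII body and emoji body.
function demo() {
  const results = {};
  for (const [name, body] of [['ascii', ASCII_BODY], ['emoji', EMOJI_BODY]]) {
    const header = senderSignature(SECRET, body);
    results[name] = {
      fragile: verifyFragile(SECRET, body, header),
      raw: verifyRaw(SECRET, body, header),
    };
  }
  return results;
}

console.log(demo());
```

In a real receiver the raw bytes have to be captured before any JSON body parser runs, since a parsed and re-serialized payload is not guaranteed to be byte-identical to what was signed.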