Header "X-Frappe-Webhook-Signature" is not added when "enable security" is checked for webhook

Vinay1 · October 6, 2023, 6:47am

i created a webhook and as per docs when enable security is checked and a secret key is mentioned then a header “X-Frappe-Webhook-Signature” should be added to the request headers

but the header is not being added

what is the issue

revant_one · October 7, 2023, 2:09pm

It’ll be sent as header to the request made to Request URL when webhook is triggered.

github.com

frappe/frappe/blob/eee418a4c69148e76621f52dcf6ee9543199e334/frappe/integrations/doctype/webhook/webhook.py#L225-L242


      
          	if webhook.enable_security:
          		data = get_webhook_data(doc, webhook)
          		signature = base64.b64encode(
          			hmac.new(
          				webhook.get_password("webhook_secret").encode("utf8"),
          				json.dumps(data).encode("utf8"),
          				hashlib.sha256,
          			).digest()
          		)
          		headers[WEBHOOK_SECRET_HEADER] = signature
          
          
	if webhook.webhook_headers:
          		for h in webhook.webhook_headers:
          			if h.get("key") and h.get("value"):
          				headers[h.get("key")] = h.get("value")
          
          
	return headers

Vinay1 · October 8, 2023, 7:59am

thanks @revant_one but in it is not showing in dev tools

so is it working properly or not?

revant_one · October 8, 2023, 3:01pm

if you’re expecting all requests to have that header it’s not going to happen.

It’ll be NOT be sent as header to all the requests made by frappe framework.

set a webhook url where you can log headers, it’ll be some backend service and not a browser.