New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[feat] webhook payload signature verification #235
Comments
You could verify the request came from mx1.forwardemail.net or mx2.forwardemail.net resolved IP addresses. I will add a signature or something as soon I can. Trying to ship the browser extension among other things. Thanks for raising this point @cauethenorio. |
Hey @niftylettuce, is this still on the roadmap or are there other solutions for that now? |
Will see what we can do! |
Another solution is to just check that the IP resolved that it's coming from resolves to |
Thanks for your fast response. Checking the IP works for me. :) |
Currently, when my application receives the webhook payload sent by
free-email-forwarding
there's no way to validate the request authenticity.It would be nice if it has some validation field, like the
signature
one which mailgun uses in their webhooks:https://documentation.mailgun.com/en/latest/user_manual.html?highlight=signature#webhooks
Thanks for building this awesome project and making it open-source @niftylettuce!
The text was updated successfully, but these errors were encountered: