Webhook signature verification fails #71025
Comments
Assigning to @getsentry/support for routing ⏲️
Routing to @getsentry/product-owners-settings-integrations for triage ⏲️
Thanks for this report, we will investigate this. cc @sentaur-athena
This issue is fixed now. We investigated and the reason was a new JSON serializer we started using since May 9. We reverted the changes to the previous serializer and, looking at dashboards, the 400 and 401 responses are eliminated.
@quintasda as we're adding back the new serializer, we wanted to make sure we're not breaking customers' experience. Can you please provide me with a code snippet of how you're validating the signature? You mentioned Verify the Signature from our docs, but I was wondering if you're using the Python or JS example? Also, what do you use to dump JSON?
@sentaur-athena I'm having issues with this using the exact code from the Sentry docs:
This is on NodeJS 19. Frankly, I don't think this solution is technically sound. See the discussion here: nodejs/node#15628
@jasonyonker I agree with you. We should look into something more stable here. Let me look into it and get back to you.
@jasonyonker I read the discussion you sent and I don't think any string serializer would work here, since any customer might use a different language and framework. I'll update the docs and suggest doing the verification on the raw bytes of the body. The catch with that is that some frameworks don't provide raw body bytes at all. Looks like Can you try with
Update: We'll update the docs to bring awareness to this issue
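The failure mode discussed in this thread, as an added example (not Sentry's code and not the docs snippet): it contrasts verifying an HMAC over the raw request bytes with verifying over a re-serialized `JSON.stringify(JSON.parse(body))`, and shows why the second check fails on only some messages. The HMAC-SHA256 hex scheme, the secret, the payloads and all function names are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Assumption: the signature is a hex HMAC-SHA256 of the request body,
// keyed with the integration's client secret.
function hmacHex(bytes, secret) {
  return crypto.createHmac('sha256', secret).update(bytes).digest('hex');
}

// Constant-time comparison. timingSafeEqual throws on unequal lengths,
// so mismatched or empty inputs are rejected first.
function safeEqualHex(aHex, bHex) {
  const a = Buffer.from(aHex, 'hex');
  const b = Buffer.from(bHex, 'hex');
  return a.length === b.length && a.length > 0 && crypto.timingSafeEqual(a, b);
}

// Robust: authenticate exactly the bytes that arrived on the wire.
function verifyRaw(rawBody, signatureHex, secret) {
  return safeEqualHex(hmacHex(rawBody, secret), signatureHex);
}

// Fragile: parse, re-serialize, then authenticate the re-serialized string.
// Passes only when JSON.stringify happens to reproduce the sender's bytes.
function verifyReserialized(rawBody, signatureHex, secret) {
  const reserialized = JSON.stringify(JSON.parse(rawBody.toString('utf8')));
  return safeEqualHex(hmacHex(Buffer.from(reserialized, 'utf8'), secret), signatureHex);
}

// Constructed sample data (not real payloads or secrets).
const SECRET = 'constructed-client-secret';
const SAMPLES = {
  compact: Buffer.from('{"action":"created","id":7}', 'utf8'),
  spaced: Buffer.from('{"action": "created", "id": 7}', 'utf8'), // separator spaces
  escaped: Buffer.from('{"title":"caf\\u00e9"}', 'utf8'),        // \u escape on the wire
  float: Buffer.from('{"count":1.0}', 'utf8'),                   // 1.0 becomes 1 in JS
};

function runSamples() {
  const results = {};
  for (const [name, body] of Object.entries(SAMPLES)) {
    const signature = hmacHex(body, SECRET); // what the sender would attach
    results[name] = {
      raw: verifyRaw(body, signature, SECRET),
      reserialized: verifyReserialized(body, signature, SECRET),
    };
  }
  return results;
}

console.log(runSamples());
```

In a real handler, `rawBody` has to be the request bytes captured before any JSON body parser runs.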
Environment
SaaS (https://sentry.io/)
Steps to Reproduce
Verify the Signature
Customer case
Expected Result
The signature matches
Actual Result
The signature doesn't match in ~10% of the messages
Product Area
Settings - Integrations
Link
No response
DSN
No response
Version
No response