fix(webhooks): test url must be based on next public app url #1594
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Greptile Overview
Summary
Fixed webhook test URL generation to always use the configured public app URL instead of falling back to the request origin in production environments.
Key Changes:
- Removed conditional logic that used
request.url.originfor non-localhost environments - Now requires
NEXT_PUBLIC_APP_URLto be configured and returns 500 error if missing - Ensures webhook test URLs are always publicly accessible, regardless of internal routing or proxy configurations
Impact:
This fix prevents issues where webhook test URLs might contain internal or load balancer URLs instead of the proper public-facing URL, which would cause the URLs to be inaccessible when shared externally.
Confidence Score: 5/5
- This PR is safe to merge with no identified risks
- The change is a straightforward bug fix that improves correctness by ensuring webhook test URLs always use the public app URL. The added validation (checking for
NEXT_PUBLIC_APP_URLexistence) is a good defensive measure. No logical errors, security issues, or breaking changes detected. - No files require special attention
Important Files Changed
File Analysis
| Filename | Score | Overview |
|---|---|---|
| apps/sim/app/api/webhooks/[id]/test-url/route.ts | 5/5 | Fixed webhook test URL generation to always use NEXT_PUBLIC_APP_URL instead of request origin, ensuring correct public URL in production environments |
Sequence Diagram
sequenceDiagram
participant User
participant Frontend
participant TestUrlAPI as test-url route
participant TokenService as signTestWebhookToken
participant TestWebhookAPI as test webhook route
User->>Frontend: Click Generate Test URL
Frontend->>TestUrlAPI: POST with webhook ID
TestUrlAPI->>TestUrlAPI: Authenticate user
TestUrlAPI->>TestUrlAPI: Check permissions
TestUrlAPI->>TestUrlAPI: Validate config
TestUrlAPI->>TokenService: Sign token with TTL
TokenService-->>TestUrlAPI: JWT token
TestUrlAPI->>TestUrlAPI: Construct public URL
TestUrlAPI-->>Frontend: URL and expiry
Frontend-->>User: Display test URL
Note over User: Share URL externally
User->>TestWebhookAPI: POST webhook payload
TestWebhookAPI->>TestWebhookAPI: Verify token
TestWebhookAPI->>TestWebhookAPI: Execute in test mode
1 file reviewed, no comments
waleedlatif1
pushed a commit
that referenced
this pull request
Oct 11, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Was incorrectly falling back to origin rather than next public app url.
Type of Change
Testing
Manually
Checklist