From b1d37fe3c0a6f1db7afd481b68d9eb2a3497c00b Mon Sep 17 00:00:00 2001
From: Shawn Jackson
Date: Tue, 21 Apr 2026 09:09:11 -0700
Subject: [PATCH] Fix Twilio request validation URL scheme mismatch
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The UseTwilioRequestValidation() middleware was validating requests using the overridden 'https://' scheme (set by upstream middleware) while Twilio signed the webhook with the actual configured URL scheme (e.g. 'http://' in QA). This caused signature validation to fail for IncomingMessage and other Twilio endpoints, resulting in 403 responses reported by Twilio as timeouts. Fix: set BaseUrlOverride to SystemBehaviorConfig.ResgridApiBaseUrl so the validation URL always matches the base URL Twilio uses when signing — the same URL registered as the webhook in the Twilio console.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 Web/Resgrid.Web.Services/Startup.cs | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/Web/Resgrid.Web.Services/Startup.cs b/Web/Resgrid.Web.Services/Startup.cs
index 18c1ef2b..23042c56 100644
--- a/Web/Resgrid.Web.Services/Startup.cs
+++ b/Web/Resgrid.Web.Services/Startup.cs
@@ -165,6 +165,11 @@ public void ConfigureServices(IServiceCollection services)
 {
 options.AuthToken = NumberProviderConfig.TwilioAuthToken;
 options.AllowLocal = false;
+ // BaseUrlOverride ensures the URL used for signature validation matches
+ // what Twilio used when signing the request, regardless of any scheme
+ // override applied by upstream middleware (e.g. http → https rewrites).
+ if (!string.IsNullOrWhiteSpace(Config.SystemBehaviorConfig.ResgridApiBaseUrl))
+ options.BaseUrlOverride = Config.SystemBehaviorConfig.ResgridApiBaseUrl;
 });
 services.AddApiVersioning(x =>
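Review bot: The value assigned to `options.BaseUrlOverride` is used exactly as configured, so a `ResgridApiBaseUrl` with a trailing slash or a path segment would presumably yield a validation URL that differs from the one Twilio signed, and every webhook would be rejected with 403 again. Normalizing at the assignment, e.g. `options.BaseUrlOverride = Config.SystemBehaviorConfig.ResgridApiBaseUrl.TrimEnd('/');`, removes the most common mismatch. When the setting is empty, the `if` silently falls back to the request-derived URL, which is the failure this commit fixes; a startup log line for that case would make the misconfiguration visible. The new comment could also state that the override must equal the webhook base URL registered in the Twilio console, because scheme and host are then taken from configuration rather than from the request. ConfigureServices starts and ends outside the hunk.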