-
-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Protecting Huginn with HTTP auth breaks Twilio integration. #815
Comments
Doesn't the invitation code offer enough 'protection'? You could try |
I don't know. I set it up at the advice of @cantino. Hmmm... I'll try that. |
@dsander Since he is running in development mode, I encouraged him to put the site behind basic auth in nginx. Rails in development is fairly insecure (interactive debug consoles, error logs, etc.). @virtadpt you could probably set nginx to allow only requests to the webhook routes without basic auth, right? |
I could try. I haven't had time to mess with Huginn for a few weeks now. |
That'd be my recommendation. |
I've created a separate basic auth user for webhooks and I'm trying that URL spec - I forgot that you could do that. It works like a charm! |
Great! |
When using the Twilio agent to interact with the outside world, putting Huginn behind a web server which implements HTTP Basic Auth breaks inbound interaction from Twilio's API server. For example, sending a text message to an agent network results in the following error at Twilio:
Is there a way to work around this such that Twilio's API server can send incoming events while still preventing untrusted users from monkeying with Huginn?
The text was updated successfully, but these errors were encountered: