For the webhook timestamp verification, the current date and the date from the webhook is compared. The X-Orb-Timestamp header does not include a timezone, so initializing a date using new Date will use the local timezone, instead of UTC:
|
const timestamp = new Date(msgTimestamp); |
When your server is running in a non-UTC timezone, this will lead to multiple hours of differences between the timestamp and the current date, given the wrongly used timezone.
Two possible solutions:
- Include the timezone in the
x-orb-timestamp header (basically breaking change)
- Assume UTC timezone (append
Z when using new Date or use a different way to create the date)
For the webhook timestamp verification, the current date and the date from the webhook is compared. The
X-Orb-Timestampheader does not include a timezone, so initializing a date usingnew Datewill use the local timezone, instead of UTC:orb-node/src/resources/webhooks.ts
Line 96 in 3ef8638
When your server is running in a non-UTC timezone, this will lead to multiple hours of differences between the timestamp and the current date, given the wrongly used timezone.
Two possible solutions:
x-orb-timestampheader (basically breaking change)Zwhen usingnew Dateor use a different way to create the date)