verifyRequestSignature breaks if request does not contain required headers #1069
Closed
5 of 16 tasks
Labels
bug
M-T: A confirmed bug report. Issues are confirmed when the reproduction steps are documented
Description
verifyRequestSignature
breaks if the POST request does not contain any of the required headersWhat type of issue is this? (place an
x
in one of the[ ]
)Requirements (place an
x
in each of the[ ]
)Bug Report
Filling out the following details about bugs will help us solve your issue sooner.
Packages:
Select all that apply:
@slack/web-api
@slack/events-api
@slack/interactive-messages
@slack/rtm-api
@slack/webhooks
@slack/oauth
Reproducible in:
package version: latest
node version: v10.15.3
OS version(s): macos 10.15.5
Steps to reproduce:
/api/slack/event
but don't include any of the required headers (x-slack-signature, x-slack-request-timestamp)Expected result:
The request should be rejected
Actual result:
The request results in an internal server error
This happens because at
node-slack-sdk/packages/events-api/src/http-handler.ts
Line 173 in c379711
we cast the headers as strings. IMO they should be treated as
string | undefined
and then handled appropriately inverifyRequestSignature
. This would be nicer than the app throwing errors when requests are missing headers.The text was updated successfully, but these errors were encountered: