You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It sounds like we'll need to change the text to explicitly allow alternative hashing algorithms to be used, where the key name of the signature corresponds to the hashing algorithm being used. Since it's a key name, there needs to be an explicit list of allowed hashes, otherwise it would be impossible to know which one is being used.
"The X-Hub-Signature header's value must be in the form method=signature where method is one of the recognized algorithm names and signature is the hexadecimal representation of the signature. The signature MUST be computed using the HMAC algorithm [RFC6151] with the request body as the data and the hub.secret as the key."
Here is what the WebCryptoAPI has done, we should probably use text like this:
https://www.w3.org/TR/WebCryptoAPI/#sha
The text was updated successfully, but these errors were encountered: