
Remove ValidateIPAddress and recommend using ValidateHubSignature

Open xPaw opened this issue 9 years ago • 1 comments

I don't really like having a hardcoded IP range in the source code; it could possibly change as well.

xPaw, Apr 25 '15 20:04

GitHub appears to agree. They seem to view validating with the key as an alternative to IP white-listing. From GitHub's [Securing your webhooks](https://developer.github.com/webhooks/securing/):

> There are a few ways to go about this–for example, you could opt to whitelist requests from GitHub’s IP address–but a far easier method is to set up a secret token and validate the information.

StoneyJackson, Apr 26 '15 10:04
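
For reference, the secret-token validation discussed in this thread, as an added example that is not code from this repository or from either commenter: the receiver recomputes an HMAC over the raw request body with the shared secret and compares it to the signature header (`X-Hub-Signature-256`, formatted `sha256=<hex>`). The function name `verify_hub_signature`, the secret and the payload are hypothetical, constructed values.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not this project's ValidateHubSignature): returns true only
// when the header carries a valid HMAC of the raw body under the shared secret.
function verify_hub_signature(
    string $rawBody,
    ?string $header,
    string $secret,
    array $allowedAlgos = ['sha256']
): bool {
    // Fail closed when no secret is configured or the sender omitted the header.
    if ($secret === '' || $header === null) {
        return false;
    }
    // Header format is "<algo>=<hex digest>".
    $parts = explode('=', $header, 2);
    if (count($parts) !== 2) {
        return false;
    }
    [$algo, $theirs] = $parts;
    // Allow-list the algorithm rather than passing a sender-chosen name to hash_hmac().
    if (!in_array($algo, $allowedAlgos, true)) {
        return false;
    }
    // The HMAC must cover the exact bytes received, not a re-encoded JSON document.
    $ours = hash_hmac($algo, $rawBody, $secret);
    // hash_equals() compares in constant time, so response timing does not leak
    // how many leading characters of a guessed signature were correct.
    return hash_equals($ours, strtolower($theirs));
}

// Constructed sample data. In a real endpoint the body would come from
// file_get_contents('php://input') and the header from
// $_SERVER['HTTP_X_HUB_SIGNATURE_256'].
$secret = 'constructed-example-secret';
$body   = '{"zen":"Keep it logically awesome."}';
$good   = 'sha256=' . hash_hmac('sha256', $body, $secret);

$cases = [
    'valid signature'       => [$body, $good],
    'body altered'          => [$body . ' ', $good],
    'algorithm not allowed' => [$body, 'md5=' . md5($body)],
    'header missing'        => [$body, null],
];
foreach ($cases as $label => [$b, $h]) {
    printf("%-22s %s\n", $label, verify_hub_signature($b, $h, $secret) ? 'accept' : 'reject');
}
```

Unlike a source-IP check, this holds regardless of which address the delivery comes from, so there is no address range to keep current in the source.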