Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(webhooks): validate Twilio signatures with escaped and unescaped query string values fixes #1059 #1061

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

fix(webhooks): validate Twilio signatures with escaped and unescaped query string values fixes #1059 #1061

wants to merge 4 commits into from

Conversation

leon19
Copy link

@leon19 leon19 commented Jan 9, 2025

Fixes #1059

Update the validateRequest() function to fallback to a query string parser that does not escape single quotes if the request validation fails.

Why?
Query string values that contain single quotes (') are escaped when using new URL(), but the Twilio server seems to generate the signature with the unescaped single quote value, causing the validation to fail in the scenario described in #1059

Checklist

  • I acknowledge that all my contributions will be made under the project's license
  • I have made a material change to the repo (functionality, testing, spelling, grammar)
  • I have read the Contribution Guidelines and my PR follows them
  • I have titled the PR appropriately
  • I have updated my branch with the main branch
  • I have added tests that prove my fix is effective or that my feature works
  • I have added the necessary documentation about the functionality in the appropriate .md file
  • I have added inline documentation to the code I modified

If you have questions, please file a support ticket, or create a GitHub Issue in this repository.

@leon19 leon19 force-pushed the bugfix/request-validation-with-query-string-values-containing-single-quotes branch 5 times, most recently from 369a399 to 66e4862 Compare January 9, 2025 11:01
@leon19 leon19 force-pushed the bugfix/request-validation-with-query-string-values-containing-single-quotes branch from 66e4862 to 4c908e6 Compare January 14, 2025 10:02
@leon19 leon19 mentioned this pull request Jan 14, 2025
Open
tiwarishubham635
tiwarishubham635 requested changes Jan 16, 2025
View reviewed changes
src/webhooks/webhooks.ts Outdated Show resolved Hide resolved
@leon19 leon19 force-pushed the bugfix/request-validation-with-query-string-values-containing-single-quotes branch from cb82ff9 to cd6a943 Compare January 20, 2025 10:18
tiwarishubham635
tiwarishubham635 approved these changes Jan 20, 2025
View reviewed changes
Copy link
Contributor

@tiwarishubham635 tiwarishubham635 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tiwarishubham635 tiwarishubham635 tiwarishubham635 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Bug] validateRequest() is not working when a query param includes a single quote (')
2 participants
@leon19 @tiwarishubham635