Created
March 21, 2020 13:03
-
-
Save felixdorn/c7b37cedfe0d9aba601345460037c148 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| require __DIR__ . '/../vendor/autoload.php'; | |
| error_reporting(E_ALL); | |
| ini_set('error_reporting', E_ALL); | |
| $payload = file_get_contents('php://input'); | |
| $hash = explode( | |
| '=', | |
| array_key_exists('X-Hub-Signature', getallheaders()) ? getallheaders()['X-Hub-Signature'] : "=" | |
| )[1]; | |
| if ($hash !== hash_hmac('sha1', $payload, 'secret')) { | |
| http_response_code(403); | |
| die(403); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is crap code for a test, but it's the good way to secure a webhook.