Commit

reviewcomment: add webhook spoofing comment
Co-authored-by: Sam Mesterton-Gibbons <[email protected]>
philipnbbc and samdbmg authored May 2, 2024
1 parent 761f2e0 commit 8e531fb
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion api/TimeAddressableMediaStore.yaml
Expand Up @@ -170,7 +170,7 @@ paths:
of `events` SHOULD update the existing registration. POSTing an empty list of events SHOULD remove the
registration.
HTTP requests from the service SHOULD include a `api_key_name` header with the 'api_key_value' value.
HTTP requests from the service SHOULD include a `api_key_name` header with the 'api_key_value' value. Clients SHOULD verify this against the value they provided when registering the webhook.
API implementations SHOULD consider the security implementations of providing webhooks, and include appropriate
mitigations against Server Side Request Forgery (SSRF) attacks and similar.
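Review bot: The added sentence on the `api_key_name` line says clients SHOULD verify the header value but does not say what a client does when the header is missing or does not match. Suggest stating the outcome explicitly, for example "Clients SHOULD reject requests where the header is absent or its value differs from the one they provided when registering the webhook", and recommending a constant-time comparison so the check does not leak the value through timing. Two wording points on the same lines: the quoting is inconsistent (`api_key_name` in backticks, 'api_key_value' in single quotes) and "a `api_key_name`" should read "an"; the unchanged context line that follows says "security implementations" where "security implications" appears to be meant.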