jprdonnelly/docs
1
0
Fork 0
mirror of synced 2026-01-08 12:01:53 -05:00
Code Issues Projects Releases Wiki Activity

Merge branch 'main' into desktop-disabling-repo-indicators

Browse Source
This commit is contained in:
Ethan Palm
2021-02-10 08:48:48 -05:00
committed by GitHub
parent 94c5b59a94 f61b9a7065
commit 85533e68fd
2 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
content/actions/reference/authentication-in-a-workflow.md
View File

@@ -71,7 +71,8 @@ You can use the `GITHUB_TOKEN` to make authenticated API calls. This example wor
--data '{
"title": "Automated issue for commit: ${{ github.sha }}",
"body": "This issue was automatically created by the GitHub Action workflow **${{ github.workflow }}**. \n\n The commit hash was: _${{ github.sha }}_."
}'
}' \
--fail
```
{% endraw %}

8
content/developers/webhooks-and-events/securing-your-webhooks.md
View File

@@ -41,7 +41,7 @@ When your secret token is set, {% data variables.product.product_name %} uses it
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
{% note %}
**Note:** For backward-compatibility, we also include the `X-Hub-Signature` header that is generated using the SHA-1 hash function. If possible, we recommend that you use the `X-Hub-Signature-256` header for improved security. The example below demonstrate using the `X-Hub-Signature-256` header.
**Note:** For backward-compatibility, we also include the `X-Hub-Signature` header that is generated using the SHA-1 hash function. If possible, we recommend that you use the `X-Hub-Signature-256` header for improved security. The example below demonstrates using the `X-Hub-Signature-256` header.
{% endnote %}
{% endif %}
@@ -80,6 +80,12 @@ def verify_signature(payload_body)
end{% endif %}
```
{% note %}
**Note:** Webhook payloads can contain unicode characters. If your language and server implementation specifies a character encoding, ensure that you handle the payload as UTF-8.
{% endnote %}
Your language and server implementations may differ from this example code. However, there are a number of very important things to point out:
* No matter which implementation you use, the hash signature starts with {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or "github-ae@latest" %}`sha256=`{% elsif currentVersion ver_lt "enterprise-server@2.23" %}`sha1=`{% endif %}, using the key of your secret token and your payload body.