This repository has been archived by the owner on Jun 7, 2018. It is now read-only.
webhook endpoint is vulnerable to unprivileged requests #2
Assignees
Labels
enhancement
New feature or request
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
currently w2d is only verifying the travis signature which means that only travis instances are allowed to send requests. if someone creates a travis job that notifies w2d it will be also forwarded to discord.
add a config file to define discord webhook urls per github slug (owner/repo) that only specific repos are allowed to forward travis notifications to discord
The text was updated successfully, but these errors were encountered: