Похожие чаты

Anyone here used NEXTJS 13? How do you allow webhook

events to come from certain IPs? I have list of 5 IPs. Can I just check for x-real-ip request header and if it includes then execute code otherwise throw error. Would this work or can it be improved?

5 ответов

50 просмотров

That sounds unsafe, what if I just set x-real-ip to one of your whitelisted IP's and make a request

Adi- Автор вопроса
Thomas
That sounds unsafe, what if I just set x-real-ip t...

You mean to say it can be easily manipulated right? What would you suggest then?

usually webhooks are supposed to contain a checksum which can be verified

Adi- Автор вопроса
dog Ass
usually webhooks are supposed to contain a checksu...

Yes I have done that. Verifying signature instead of verifying IPs

Похожие вопросы

Обсуждают сегодня

Господа, а что сейчас вообще с рынком труда на делфи происходит? Какова ситуация?
Rꙮman Yankꙮvsky
29
А вообще, что может смущать в самой Julia - бы сказал, что нет единого стандартного подхода по многим моментам, поэтому многое выглядит как "хаки" и произвол. Короче говоря, с...
Viktor G.
2
@Benzenoid can you tell me the easiest, and safest way to bu.y HEX now?
Živa Žena
20
This is a question from my wife who make a fortune with memes 😂😂 About the Migration and Tokens: 1. How will the old tokens be migrated to the new $LGCYX network? What is th...
🍿 °anton°
2
30500 за редактор? )
Владимир
47
а через ESC-код ?
Alexey Kulakov
29
What is the Dex situation? Agora team started with the Pnetwork for their dex which helped them both with integration. It’s completed but as you can see from the Pnetwork ann...
Ben
1
Гайс, вопрос для разносторонее развитых: читаю стрим с юарта, нада выделять с него фреймы с определенной структурой, если ли чо готовое, или долбаться с ринг буффером? нада у...
Vitaly
9
Anyone knows where there are some instructions or discort about failed bridge transactions ?
Jochem
21
@lozuk how do I get my phex copies of my ehex from a atomic wallet, to move to my rabby?
Justfrontin 👀
11
Карта сайта