Integrations: Don't allow webhooks without a secret #11083
Conversation
This is just a clean up, we already deprecated the use of webhooks without a secret.
There was a problem hiding this comment.
This PR looks good to me. I think we need to figure it out how to communicate to users they need to upgrade their webhook if they haven't done it yet, since we are removing that message in this PR.
We could create a notification and attach it to those projects that still have a webhook without a secret and "cancel" it once all their webhook are valid --or something around those lines.
| missing_secret_for_pr_events_msg = dedent( | ||
| """ | ||
| This webhook doesn't have a secret configured. | ||
| For security reasons, webhooks without a secret can't process pull/merge request events. | ||
| For more information, read our blog post: https://blog.readthedocs.com/security-update-on-incoming-webhooks/. | ||
| """ | ||
| ).strip() |
There was a problem hiding this comment.
Are all the webhooks already migrated to those with a secret?
This message still seems useful to users that haven't migrated yet. If we remove it, how they will know they need to upgrade their integration?
There was a problem hiding this comment.
We show a similar message now
readthedocs.org/readthedocs/api/v2/views/integrations.py
Lines 75 to 81 in ff7a3b7
There was a problem hiding this comment.
The deleted message was to stop processing PR builds from integrations without a secret
There was a problem hiding this comment.
Hrm, it seems that message is missing translation.
Suspect IssuesThis pull request was deployed and Sentry observed the following issues:
Did you find this useful? React with a 👍 or 👎 |
This is just a cleanup, we already deprecated the use of webhooks without a secret.