You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When authenticating REST endpoint calls hasura does not sent the REST request body.
This causes problems with platforms like stripe where you need to verify the stripe webhook request body with their stripe-signature header.
Using hasura in the POST auth webhook configuration just passes a null request body to the auth webhook making it impossible to verify that validity of the stripe webhook call.
What is the expected behaviour?
That hasura would pass along the gql request body for the underlying REST endpoint as the documentation describes.
How to reproduce the issue?
Create an auth webhook and run hasura in POST auth webhook mode
Create a REST endpoint in hasura making a authenticated gql query
Log the request body of the auth webhook call.
Verify the headers property and note the null value of the request property.
Please provide any traces or logs that could help here.
web | [NEXT] body {
web | [NEXT] headers: {
web | [NEXT] Accept: '*/*; q=0.5, application/xml',
web | [NEXT] 'Accept-Encoding': 'gzip',
web | [NEXT] 'Cache-Control': 'no-cache',
web | [NEXT] 'Content-Length': '7159',
web | [NEXT] 'Content-Type': 'application/json; charset=utf-8',
web | [NEXT] Host: 'graphql-engine.prof.dev.x.sh',
web | [NEXT] 'Stripe-Signature': 't=1724395973,v1=xxx',
web | [NEXT] 'User-Agent': 'Stripe/1.0 (+https://stripe.com/docs/webhooks)',
web | [NEXT] 'X-Forwarded-For': '192.168.65.1',
web | [NEXT] 'X-Forwarded-Host': 'graphql-engine.prof.dev.x.sh',
web | [NEXT] 'X-Forwarded-Port': '443',
web | [NEXT] 'X-Forwarded-Proto': 'https',
web | [NEXT] 'X-Forwarded-Server': '01b8639a93c8',
web | [NEXT] 'X-Real-Ip': '192.168.65.1',
web | [NEXT] 'x-request-id': 'c7764582-44fc-491c-b186-ab7f8c1986b1'
web | [NEXT] },
web | [NEXT] request: null
web | [NEXT] }
Any possible solutions/workarounds you're aware of?
Writing a Go service to do this instead.
The text was updated successfully, but these errors were encountered:
Version Information
Server Version: v2.37.0
Environment
CE
What is the current behaviour?
When authenticating REST endpoint calls hasura does not sent the REST request body.
This causes problems with platforms like
stripe
where you need to verify thestripe
webhook request body with theirstripe-signature
header.Using hasura in the POST auth webhook configuration just passes a
null
request body to the auth webhook making it impossible to verify that validity of thestripe
webhook call.What is the expected behaviour?
That hasura would pass along the gql request body for the underlying REST endpoint as the documentation describes.
How to reproduce the issue?
headers
property and note thenull
value of therequest
property.Please provide any traces or logs that could help here.
Any possible solutions/workarounds you're aware of?
Writing a Go service to do this instead.
The text was updated successfully, but these errors were encountered: