Comments (7)
Hmm the github docs still say it will do that... http://developer.github.com/v3/repos/hooks/#example
from strider-github.
May be worth reporting to github support. I have seen API breakages in the
past, but they fixed them extremely quickly.
On Friday, February 28, 2014, Jared Forsyth [email protected]
wrote:
Hmm the github docs still say it will do that...
http://developer.github.com/v3/repos/hooks/#exampleReply to this email directly or view it on GitHubhttps://github.com//issues/8#issuecomment-36417158
.
Niall O'Higgins
W: http://niallohiggins.com
E: [email protected]
T: @niallohiggins
from strider-github.
It seems this is a bug on the @github side. There is a case where GitHub will not send the X-Hub-Signature
request header.
-
First of all, GitHub is rejecting my SSL certificate for my Strider install (not sure why, Chrome thinks it's cool).
-
Strider creates the webhook through GitHub's API with the following
config
(I've addedcontent_type
andinsecure_ssl
in my testing using the documented GitHub defaults):
...
"config": {
"url": "https://strider.example.com/user/repo/api/github/webhook",
"secret": "mysecret",
"content_type": "form",
"insecure_ssl": 0
}
...
- As soon as the webhook is added, GitHub sends off a ping event, which never hits the server because GitHub appears to be rejecting the server certificate.
- I then disable the SSL verification through the project settings on GitHub (which I assume should simply change the value of
insecure_ssl
from0
to1
).
- Now, after disabling the SSL verification, the request from GitHub will hit Strider, but the requests no longer have the
X-Hub-Signature
header.
Conclusion:
-
it seems to be a bug on GitHub's side that
X-Hub-Signature
request headers are not sent with requests after disabling ssl verification if it was created originally with it on. -
GitHub should make SSL verification rejections displayed more clearly, rather than just showing a response of 0 bytes.
-
Strider does not properly handle
ping
events from GitHub that are sent immediately after enabling the webhook (it tries to treat them as commits).
POST /[redacted]/api/github/hook 200 120ms - 18b
2 Mar 08:51:46 - info: got a body: { payload: '{"zen":"Favor focus over features.","hook_id": "redacted"}' }
2 Mar 08:51:46 - error: TypeError: Cannot call method 'indexOf' of undefined
at pushJob (/secure_fs/strider/strider/node_modules/strider-github/lib/webhooks.js:122:19)
at startFromCommit (/secure_fs/strider/strider/node_modules/strider-github/lib/webhooks.js:42:16)
at receiveWebhook (/secure_fs/strider/strider/node_modules/strider-github/lib/webhooks.js:216:3)
at callbacks (/secure_fs/strider/strider/node_modules/express/lib/router/index.js:164:37)
at projectProvider (/secure_fs/strider/strider/lib/middleware.js:107:3)
at callbacks (/secure_fs/strider/strider/node_modules/express/lib/router/index.js:164:37)
at Promise.<anonymous> (/secure_fs/strider/strider/lib/middleware.js:201:5)
at Promise.<anonymous> (/secure_fs/strider/strider/node_modules/mongoose/node_modules/mpromise/lib/promise.js:162:8)
at Promise.EventEmitter.emit (events.js:95:17)
at Promise.emit (/secure_fs/strider/strider/node_modules/mongoose/node_modules/mpromise/lib/promise.js:79:38)
from strider-github.
Excellent detective work and analysis! We should fix the big with the
initial ping github web hook.
On Saturday, March 1, 2014, Sean Lavine [email protected] wrote:
It seems this is a bug on the @github https://github.com/github side.
There is a case where GitHub will not send the X-Hub-Signature request
header.
First of all, GitHub is rejecting my SSL certificate for my Strider
install (not sure why, Chrome thinks it's cool).Strider creates the webhook through GitHub's API with the following
config (I've added content_type and insecure_ssl in my testing using the
documented GitHub defaults):...
"config": {
"url": "https://strider.example.com/user/repo/api/github/webhook",
"secret": "mysecret",
"content_type": "form",
"insecure_ssl": 0
}...
- As soon as the webhook is added, GitHub sends off a ping event, which
never hits the server because GitHub appears to be rejecting the server
certificate.[image: github-ssl-reject]https://f.cloud.github.com/assets/716621/2303879/047e5c74-a1ee-11e3-9cdc-ff686606e266.png
- I then disable the SSL verification through the project settings on
GitHub (which I assume should simply change the value of insecure_sslfrom
0 to 1).[image: github-disable-ssl-verification]https://f.cloud.github.com/assets/716621/2303881/6e574458-a1ee-11e3-99c7-28d0572b7b39.png
- Now, after disabling the SSL verification, the request from GitHub will
hit Strider, but the requests no longer have the X-Hub-Signature
[image: github-no-sig]https://f.cloud.github.com/assets/716621/2303888/3fa141b2-a1ef-11e3-8c9e-f3b4f53eac22.jpgConclusion:
it seems to be a bug on GitHub's side that X-Hub-Signature request
headers are not sent with requests after disabling ssl verification if it
was created originally with it on.GitHub should make SSL verification rejections displayed more clearly,
rather than just showing a response of 0 bytes.Strider does not properly handle ping events from GitHub that are sent
immediately after enabling the webhook (it tries to treat them as commits).POST /[redacted]/api/github/hook 200 120ms - 18b
2 Mar 08:51:46 - info: got a body: { payload: '{"zen":"Favor focus over features.","hook_id": "redacted"}' }
2 Mar 08:51:46 - error: TypeError: Cannot call method 'indexOf' of undefined
at pushJob (/secure_fs/strider/strider/node_modules/strider-github/lib/webhooks.js:122:19)
at startFromCommit (/secure_fs/strider/strider/node_modules/strider-github/lib/webhooks.js:42:16)
at receiveWebhook (/secure_fs/strider/strider/node_modules/strider-github/lib/webhooks.js:216:3)
at callbacks (/secure_fs/strider/strider/node_modules/express/lib/router/index.js:164:37)
at projectProvider (/secure_fs/strider/strider/lib/middleware.js:107:3)
at callbacks (/secure_fs/strider/strider/node_modules/express/lib/router/index.js:164:37)
at Promise. (/secure_fs/strider/strider/lib/middleware.js:201:5)
at Promise. (/secure_fs/strider/strider/node_modules/mongoose/node_modules/mpromise/lib/promise.js:162:8)
at Promise.EventEmitter.emit (events.js:95:17)
at Promise.emit (/secure_fs/strider/strider/node_modules/mongoose/node_modules/mpromise/lib/promise.js:79:38)Reply to this email directly or view it on GitHubhttps://github.com//issues/8#issuecomment-36450348
.
Niall O'Higgins
W: http://niallohiggins.com
E: [email protected]
T: @niallohiggins
from strider-github.
Hi,
I contacted the support of Github for this problem and here their response:
we just checked at it seems that we run over the "secret" parameter if you "Disable SSL verification" in your settings. As a result, when you disable ssl verification via settings, you no longer get the "X-Hub-Signature" header. We're working on a fix for that problem so that the "secret" parameter is preserved. I'm sorry for the trouble with this -- I'll get back to you once the fix is deployed.
A workaround you can use now is to remove your hook and set it up again. However, instead of using the "Disable SSL verification" button in settings, you can disable ssl verification using the API by editing the configuration of that hook:
http://developer.github.com/v3/repos/hooks/#create-a-hook
http://developer.github.com/v3/repos/hooks/#edit-a-hookIf you edit the config so that you both specify the hook's secret and set insecure_ssl to "1", then ssl verification should be disabled and you should get the "X-Hub-Signature" header with deliveries.
You could also just wait for us to deploy the fix and then you should be able to re-create the hook and just use the "Disable SSL verification" button in your settings.
from strider-github.
Hi,
Github has fixed the issue appearing when ssl verification is disabled:
We rolled out a change which should have fixed this issue. Could you please try removing your hook and recreating it, as we discussed? After you re-create it, clicking "Disable SSL verification" should leave the "secret" attribute intact so you should continue to receive the X-Hub-Signature header with deliveries.
Everything works for me now.
from strider-github.
thanks for following up!
from strider-github.
Related Issues (20)
- Error creating project (Failed to setup repo: Bad status code: 401) HOT 2
- getting this working with github enterprise HOT 10
- sendJob should return true, because if we reach that point in the code, the job has been successfully created?
- Github auth callback url issue HOT 22
- Please update version on npm to 2.2.0 HOT 5
- Setting up a private project I can access but do not own HOT 3
- Fix tests
- File version mismatch on npm install HOT 1
- Allow specification of APP_ID, SECRET, DOMAIN, ENDPOINT per account HOT 1
- webhooks.js expecting objects to exist that do not HOT 2
- Use SSH authentication instead of HTTPS HOT 3
- Unable to 'run' new projects due to ssh failure (publickey) HOT 10
- Delete branch HOT 12
- Strider fails to install deploy key
- Strider build 'undefined' branch when tag is pushed HOT 4
- Plugin crashes when pull request has merge conflict HOT 2
- Webhook error on release HOT 2
- Git Clone Invalid Syntax HOT 1
- git clone fails HOT 9
- Question: Do you need an email address for Github to work? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from strider-github.