github service hook and basic authentication

About

Asked 20/8, 2013 at 3:33 Answered 26/8, 2013 at 19:13

I'm trying to figure out how to secure a webhook reciever for a github service hook.

In the github manual pages, when you look in the section on what IP addresses github hooks will come from, it has this warning:

"We highly recommend that you don't white list IPs for Service Hooks. Instead, setup HTTPS and basic authentication to verify incoming requests."

https://help.github.com/articles/what-ip-addresses-does-github-use-that-i-should-whitelist#service-hook-ip-addresses

In the documentation on post receive hooks I don't see any way to set up basic authentication.

How can I use basic authentication with github post-recieve/service/web hook that notifies me of a commit to a repository?

Edacity answered 20/8, 2013 at 3:33 Comment(2)

superset question: how to do authenticated webhooks: #9007530 – Cornel 5/8, 2014 at 20:3

I saw that too; but the accepted answer is exactly what the quote above from github says NOT to do. All the answers on that page seem sort of hokey, except for https://mcmap.net/q/504458/-how-to-verify-a-post-receive-hook-request-actually-came-from-github which didn't used to be there (and I just upvoted it) – Edacity 5/8, 2014 at 20:12

I think you can just use

https://yourUser:[email protected]/path

like in any basic auth situation.

I will give it a try tomorrow, too :) https://github.com/blog/237-basic-auth-post-receives

Philomenaphiloo answered 26/8, 2013 at 19:13 Comment(1)

I just tried it right now: Go to your Repository->Settings->Service Hooks and use the syntax above in your WebhookUrl :) – Philomenaphiloo 26/8, 2013 at 20:4

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags