[fix] Resolve most issues with shady webhooks#3975
[fix] Resolve most issues with shady webhooks#3975jp-agenta wants to merge 15 commits intorelease/v0.94.4from
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
dosubot
bot
added
the
size:L
Railway Preview Environment
|
jp-agenta
changed the title
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
mmabrouk
left a comment
mmabrouk
left a comment
There was a problem hiding this comment.
Thanks @jp for the PR
The UX however is now off:
If I create a new automation, it shows as pending. There is no way for me as a user to discover that I need to test it first to activate it. If we want to enforce testing first, we need to disable the create automation button until the user clicks test and it is successful. Or we have a modal on click, that forces the user to go through testing.
The second flow that breaks is updating. If I have an automation and I update it, it moves back to pending, and I don’t have any way of knowing that 1) it was actually disabled 2) I need to test it to enable it. This is more tricky. Here are the solutions:
- we remove the set back to pending when updating
- We use a modal in both cases a modal forcing the user to test as a gateway to commit the action
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
Co-authored-by: devin-ai-integration[bot] <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Co-authored-by: devin-ai-integration[bot] <158243242+devin-ai-integration[bot]@users.noreply.github.com>
dosubot
bot
added
size:XL
Remove the webhook validity gate so saved automations keep delivering after create and edit. Restore in-drawer testing and show post-save test feedback so users still get immediate verification without a blocking pending state.
dosubot
bot
added
size:XXL
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
Authorization tokens and HMAC signatures were being stored in plaintext in the delivery data.headers field, which is persisted to the database and returned via the delivery query API. Delivery records are audit logs — they should never contain secrets. The actual HTTP request still uses the full unredacted headers; only the stored copy is sanitized.
…ecrets fix(api): redact sensitive headers from webhook delivery records
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
junaway
left a comment
junaway
left a comment
There was a problem hiding this comment.
test should be required in api post edit.
3 participants
Uh oh!
There was an error while loading. Please reload this page.