Summary
When creating a GitHub repository webhook (Client.CreateWebHook in pkg/git/github/github.go), we currently set HookConfig.InsecureSSL to "1", which tells GitHub not to verify TLS when delivering webhooks to an HTTPS payload URL. There is an inline TODO noting this should default to secure behavior.
Problem
- GitHub’s insecure_ssl field: "0" = verify TLS to the webhook URL, "1" = skip verification (Create a repository webhook).
- Defaulting to "1" is unsafe for normal HTTPS endpoints with valid certificates.
Proposed change
- Set InsecureSSL to "0" so GitHub verifies TLS by default for HTTPS webhook targets.
- Keep behavior documented in code (and optionally add a small unit test on the hook config helper).
Area
pkg/git/github
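Changing the default only affects hooks created afterwards, so the following is an added example (not code from this repository) of an audit over a saved webhook listing that flags HTTPS hooks still configured with insecure_ssl set to 1. The type and function names and the sample JSON are constructed for illustration, and accepting insecure_ssl as either a string or a number is an assumption made so both forms are handled.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// hook mirrors only the webhook JSON fields this audit needs (hypothetical type).
type hook struct {
	ID     int64 `json:"id"`
	Config struct {
		URL         string          `json:"url"`
		InsecureSSL json.RawMessage `json:"insecure_ssl"`
	} `json:"config"`
}

// skipsTLSVerification reports whether insecure_ssl is 1, given either as
// the JSON string "1" or the number 1. Absent or null counts as verified.
func skipsTLSVerification(raw json.RawMessage) bool {
	return strings.Trim(strings.TrimSpace(string(raw)), `"`) == "1"
}

// insecureHooks returns the IDs of hooks that deliver to an HTTPS URL
// with certificate verification disabled.
func insecureHooks(hooksJSON []byte) ([]int64, error) {
	var hooks []hook
	if err := json.Unmarshal(hooksJSON, &hooks); err != nil {
		return nil, fmt.Errorf("decode hooks: %w", err)
	}
	var ids []int64
	for _, h := range hooks {
		isHTTPS := strings.HasPrefix(strings.ToLower(h.Config.URL), "https://")
		if isHTTPS && skipsTLSVerification(h.Config.InsecureSSL) {
			ids = append(ids, h.ID)
		}
	}
	return ids, nil
}

// Constructed sample shaped like a repository webhook listing.
const sampleHooks = `[
 {"id": 101, "config": {"url": "https://ci.example.test/a", "insecure_ssl": "1"}},
 {"id": 102, "config": {"url": "https://ci.example.test/b", "insecure_ssl": "0"}},
 {"id": 103, "config": {"url": "https://ci.example.test/c", "insecure_ssl": 1}},
 {"id": 104, "config": {"url": "http://ci.example.test/d", "insecure_ssl": "1"}}
]`

func main() { fmt.Println(insecureHooks([]byte(sampleHooks))) }
```

Hooks flagged this way need their configuration updated to "0" individually.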