You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
On Fri, Oct 09, 2015 at 01:44:11PM -0700, paulgregg wrote:
The incoming token isn't checked - so anyone could post.
With a public hook url, yep. My plan had been to require sites to
include their incoming hook url as a param and to check that as a
poor-man's passphrase. Patches welcome.
I've forked it because you've saved me a ton of work figuring this out :)
My use case is a small number of teams with multiple 1-1 channels between the teams - so it needs to support multiple tokens, multiple targets/peers (but not the any peer but me). I've changed the config significantly to handle this - but will tweak more first before sharing the code back. You are welcome to any changes. Token checking per incoming peer/channel is done.
PR in flight... you might not like it tho since it changes the default behaviour of 1-many peers in favour of requiring explicitly targetting incoming channels at specific peers and channels.
The incoming token isn't checked - so anyone could post.
The text was updated successfully, but these errors were encountered: