Use the same timestamp from the body in the header

Else replay attack prevention doesn't work
This commit is contained in:
Stanko K.R.
2025-09-12 16:01:11 +02:00
parent df87ee8b35
commit d7db973397
+1 -1
View File
@@ -97,7 +97,7 @@ class Webhook::Delivery < ApplicationRecord
"User-Agent" => USER_AGENT,
"Content-Type" => "application/json",
"X-Webhook-Signature" => signature,
"X-Webhook-Timestamp" => Time.current.utc.iso8601
"X-Webhook-Timestamp" => event.created_at.utc.iso8601
}
end