You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
According to this code, only POST requests are supported. However, Twilio accesses fax media files using a GET request. As far as I can see and have roughly tested, simply allowing the function to continue even if its a GET request correctly validates the signature.
returnfalse, errors.New("Checking signatures on non-POST requests is not implemented")
}
iferr:=r.ParseForm(); err!=nil {
returnfalse, err
}
Browsing the Twilio documentation, it says that appending the full raw query to the URL is sufficient. Likewise, r.URL.String() includes the entire raw query. Any POST parameters are appended to that. If we call ParseForm on a GET request, the request Body is not read, and r.PostForm is initialized to a non-nil, empty value. So GenerateSignature still functions as it should.
The text was updated successfully, but these errors were encountered:
According to this code, only POST requests are supported. However, Twilio accesses fax media files using a GET request. As far as I can see and have roughly tested, simply allowing the function to continue even if its a GET request correctly validates the signature.
gotwilio/util.go
Lines 62 to 69 in 06f83df
Browsing the Twilio documentation, it says that appending the full raw query to the URL is sufficient. Likewise, r.URL.String() includes the entire raw query. Any POST parameters are appended to that. If we call ParseForm on a GET request, the request Body is not read, and r.PostForm is initialized to a non-nil, empty value. So GenerateSignature still functions as it should.
The text was updated successfully, but these errors were encountered: