You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: readme.md
+12-1Lines changed: 12 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -33,12 +33,23 @@ php artisan vendor:publish
33
33
You will need to set the following details in your environment:
34
34
35
35
```sh
36
+
SIGNED_REQUEST_ALGORITHM=
37
+
SIGNED_REQUEST_CACHE_PREFIX=
36
38
SIGNED_REQUEST_SIGNATURE_HEADER=
37
39
SIGNED_REQUEST_ALGORITHM_HEADER=
38
40
SIGNED_REQUEST_KEY=
41
+
SIGNED_REQUEST_ALLOW_REPLAYS=
42
+
SIGNED_REQUEST_TOLERANCE_SECONDS=
39
43
```
40
44
41
-
The `SIGNED_REQUEST_SIGNATURE_HEADER` should be the request header that the signature will be included on, something like `X-SIGNATURE`. Similarly the `SIGNED_REQUEST_ALGORITHM_HEADER` should be the request header that the includes the algorithm used to sign the request. Finally the `SIGNED_REQUEST_KEY` should hold the key used to verify the signed requests.
45
+
Each of the settings above allows for a different level of configuration.
46
+
- `SIGNED_REQUEST_ALGORITHM` is the algorithm that will be used to generate / verify the signature. This is defaulted to use `sha256` feel free to change this to anything that `hash_hmac` accepts.
47
+
- `SIGNED_REQUEST_CACHE_PREFIX` is the prefix to use for all the cache keys that will be generated. Here you can use the default if you're not planning on sharing a cache between multiple applications.
48
+
- `SIGNED_REQUEST_SIGNATURE_HEADER` should be the request header that the signature will be included on, `X-Signature` will be used by default.
49
+
- `SIGNED_REQUEST_ALGORITHM_HEADER` should be the request header that the includes the algorithm used to sign the request.
50
+
- `SIGNED_REQUEST_KEY` is the shared secret key between the application generating the requests, and the application consuming them. This value should not be publically available.
51
+
- `SIGNED_REQUEST_ALLOW_REPLAYS` allows you to enable or disable replay attacks. By default replays are disabled.
52
+
- `SIGNED_REQUEST_TOLERANCE_SECONDS` is the number of seconds that a request will be considered for. This setting allows for some time drift between servers and is only used when replays are disabled.
0 commit comments