Allow webhook secrets to be added for GitHub and GitLab#22476
Open
oliverguenther wants to merge 3 commits intodevfrom
Open
Allow webhook secrets to be added for GitHub and GitLab#22476oliverguenther wants to merge 3 commits intodevfrom
oliverguenther wants to merge 3 commits intodevfrom
Conversation
oliverguenther
force-pushed
the
fix/github-webhook-secret
branch
from
a5b8797 to
6ec5ad1
Compare
oliverguenther
force-pushed
the
fix/github-webhook-secret
branch
from
6ec5ad1 to
8f9f0d1
Compare
oliverguenther
force-pushed
the
fix/github-webhook-secret
branch
from
8f9f0d1 to
27ada0a
Compare
oliverguenther
force-pushed
the
fix/github-webhook-secret
branch
from
27ada0a to
3c2acfc
Compare
klaustopher
reviewed
Mar 27, 2026
| token_header = request.env["HTTP_X_GITLAB_TOKEN"] | ||
| return false if token_header.blank? | ||
|
|
||
| ActiveSupport::SecurityUtils.secure_compare(secret, token_header) |
Contributor
There was a problem hiding this comment.
Wow ... Interesting that they just send the shared secret... A signature makes so much more sense...
klaustopher
reviewed
Mar 27, 2026
Comment on lines
+58
to
+62
| menu.push :admin_integrations, | ||
| { controller: "/github_integration/admin/settings", action: "show" }, | ||
| if: ->(_) { User.current.admin? }, | ||
| icon: :"git-compare", | ||
| caption: :label_integrations |
Contributor
There was a problem hiding this comment.
It feels wrong to have the parent menu item being added here. We also give "preference" to GitHub by making it the link from the integrations page. Especially since the gitlab plugin also relies on this being there. Maybe we can add this to the menus.rb initializer and have the 2 integrations hook into them.
klaustopher
approved these changes
Mar 27, 2026
Contributor
klaustopher
left a comment
klaustopher
left a comment
There was a problem hiding this comment.
General approve. Feel free to take or leave the advice about the menu refactoring.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
https://community.openproject.org/work_packages/73387