You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docusaurus/docs/cms/backend-customization/webhooks.md
+3-2Lines changed: 3 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -73,6 +73,7 @@ export default {
73
73
Most of the time, webhooks make requests to public URLs, therefore it is possible that someone may find that URL and send it wrong information.
74
74
75
75
To prevent this from happening you can send a header with an authentication token. Using the Admin panel you would have to do it for every webhook.
76
+
Consider signing webhook payloads and verifying signatures server‑side to prevent replay attacks.
76
77
Another way is to define `defaultHeaders` to add to every webhook request.
77
78
78
79
You can configure these global headers by updating the file at `./config/server`:
@@ -98,7 +99,7 @@ module.exports = {
98
99
99
100
<TabItemvalue="ts"label="TypeScript">
100
101
101
-
```js title="./config.server.ts"
102
+
```js title="./config/server.ts"
102
103
exportdefault {
103
104
webhooks: {
104
105
defaultHeaders: {
@@ -514,4 +515,4 @@ The event is triggered when a [release](/cms/features/releases) is published.
514
515
515
516
:::tip
516
517
If you want to learn more about how to use webhooks with Next.js, please have a look at the [dedicated blog article](https://strapi.io/blog/how-to-create-an-ssg-static-site-generation-application-with-strapi-webhooks-and-nextjs).
0 commit comments