Created
July 13, 2017 19:06
-
-
Save delikat/272415e6669ba7b63c235eee9b0a4e91 to your computer and use it in GitHub Desktop.
An extremely simple Flask app that accepts Optimizely webhook requests and verifies their signatures
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Example Flask implementation of secure webhooks | |
| # Assumes webhook's secret is stored in the environment variable WEBHOOK_SECRET | |
| from hashlib import sha1 | |
| import hmac | |
| import os | |
| from flask import Flask, request, abort | |
| @app.route('/webhooks/optimizely', methods=['POST']) | |
| def index(): | |
| request_signature = request.headers.get('X-Hub-Signature') | |
| computed_signature = 'sha1' + hmac.new(os.environ['WEBHOOK_SECRET'],msg=request.data, digestmod=sha1) | |
| if not hmac.compare_digest(computed_signature.hexdigest(), request_signature): | |
| abort(500) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
computed_signature = 'sha1' + hmac.new(os.environ['WEBHOOK_SECRET'],msg=request.data, digestmod=sha1)shouldn't the prefix be
'sha1='as reported by https://developers.optimizely.com/x/solutions/sdks/reference/index.html?language=python#webhooks ?