Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

middleware skips signature validation when 'x-line-signature' header is not set. #25

Closed
musou1500 opened this issue Sep 14, 2017 · 2 comments
Closed

middleware skips signature validation when 'x-line-signature' header is not set. #25

musou1500 opened this issue Sep 14, 2017 · 2 comments

Comments

@musou1500
Copy link
Contributor

in middleware.ts

    const signature = req.headers["x-line-signature"] as string;

    if (!signature) {
      next();
      return;
    }

what happens if someone request without x-line-signature header?
@hatashiro
Copy link

hatashiro commented Sep 14, 2017
edited
Loading

In the case, the body will not be parsed. However, if any body parser is used after the middleware, the body will be parsed as usual and the server can be spoofed as you assumed. I think it's better to throw SignatureValidationFailed for the case.

@musou1500 musou1500 mentioned this issue Sep 14, 2017
Merged
@musou1500
Copy link
Contributor Author

@noraesae I think so too. I wrote it (#26).

hatashiro pushed a commit that referenced this issue Sep 15, 2017
Doc update for #25
4c4f58b
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hatashiro @musou1500