Commit d796c619 by Will Browne Committed by GitHub

Security: Fixes minor security issue with alert notification webhooks that…

Security: Fixes minor security issue with alert notification webhooks that allowed GET & DELETE requests #29330
parent 0fc8426b
...@@ -48,6 +48,10 @@ func (ns *NotificationService) sendWebRequestSync(ctx context.Context, webhook * ...@@ -48,6 +48,10 @@ func (ns *NotificationService) sendWebRequestSync(ctx context.Context, webhook *
webhook.HttpMethod = http.MethodPost webhook.HttpMethod = http.MethodPost
} }
if webhook.HttpMethod != http.MethodPost && webhook.HttpMethod != http.MethodPut {
return fmt.Errorf("webhook only supports HTTP methods PUT or POST")
}
request, err := http.NewRequest(webhook.HttpMethod, webhook.Url, bytes.NewReader([]byte(webhook.Body))) request, err := http.NewRequest(webhook.HttpMethod, webhook.Url, bytes.NewReader([]byte(webhook.Body)))
if err != nil { if err != nil {
return err return err
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment