With the update from probot ^12.3.3 to 13.0.2, the underlying octokit throws an exception when a GitHub request arrives. The pattern worked before and I verified the appid and secret. Is it a framework issue or can I solve it on my own? It breaks in
and ends in the exception: Original Error:
The exception is caught with a () => false and ends in the exception message.
If I add a JSON.stringify in the used sign method, then the verification works well and a next verification of valid JSON fails because event.payload is an object and not a string. Both look like the octokit verify path relies on a string type payload and not the object payload. What can I change so that probot uses octokit as expected?
How are you using Probot? Are you using Probot directly, or any serverless framework?
Indeed, it may be important information in this case. I use probot with createNodeMiddleware in an express application (https://probot.github.io/docs/development/#use-createnodemiddleware). And yes, the express application has a JSON parser. It worked with v12 but started to fail with v13. Temporarily I removed the JSON parser but it continues to fail.
Hello, I had to remove all body parsers (json and urlencoded) to get it running. I guess the changes in getPayload (@octokit/webhook) are not fully compatible with the req.body initialization of the native express bodyparser, especially urlencoded. Thanks for the help. The upgrade to v13 has been completed.
Starting with v13, we only accept strings as input for webhooks in order to facilitate validation as parsing the JSON and stringifying it may inadvertently change it.
Let's start with removing the express.json() parser.
I am using the Octokit libraries (with the same versions as Probot) directly in an express app and haven't experienced this issue.
Are you able to share the payload as received by express before any parsing, signature and secret (once it is invalidated, and changed)? That would be helpful to debug.
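
The reason given above for accepting only strings, as an added example that is not part of this thread and is not Probot's or Octokit's code: a signature computed over the raw body no longer matches once the body has been parsed and stringified again. The secret, the payload and the names `sign`, `verify` and `demo` are constructed for illustration; the `sha256=` hex HMAC format is the one GitHub sends in `X-Hub-Signature-256`.

```javascript
// Added example (not Probot/Octokit code): why a webhook signature must be
// checked against the raw request body rather than a re-serialized object.
const crypto = require("node:crypto");

// Constructed values for the demo; a real secret comes from the app settings.
const SECRET = "constructed-demo-secret";
// Raw body as it might arrive on the wire: escaped unicode and a "1.0" number.
const RAW_BODY = '{"action":"opened","number":1.0,"title":"caf\\u00e9"}';

// GitHub-style header value: "sha256=" + hex HMAC-SHA256 of the body bytes.
function sign(secret, body) {
  const mac = crypto.createHmac("sha256", secret).update(body, "utf8");
  return "sha256=" + mac.digest("hex");
}

// Accept strings only, so a parsed object can never be verified by accident.
function verify(secret, body, signatureHeader) {
  if (typeof body !== "string") {
    throw new TypeError("payload must be the raw request body as a string");
  }
  const expected = Buffer.from(sign(secret, body));
  const received = Buffer.from(String(signatureHeader));
  // timingSafeEqual throws on length mismatch, so compare lengths first.
  return (
    expected.length === received.length &&
    crypto.timingSafeEqual(expected, received)
  );
}

function demo() {
  const header = sign(SECRET, RAW_BODY); // what the sender computed
  const parsed = JSON.parse(RAW_BODY); // what a JSON body parser leaves in req.body
  const reserialized = JSON.stringify(parsed);
  let objectRejected = false;
  try {
    verify(SECRET, parsed, header);
  } catch (err) {
    objectRejected = err instanceof TypeError;
  }
  return {
    reserialized,
    rawOk: verify(SECRET, RAW_BODY, header),
    reserializedOk: verify(SECRET, reserialized, header),
    objectRejected,
  };
}

console.log(demo());
```

The re-serialized string is valid JSON with the same meaning, yet its bytes differ from what was signed, so only the untouched raw body verifies.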