[closed] HTTP 403 when trying to call the GitHub WebHook using curl
Christian Sommerfeld (26)
| asked Jan 26 '23, 7:38 a.m.
closed Mar 16 '23, 5:50 a.m. by David Honey (1.8k●1●7) Currently I'm trying to integrate GitHub (hosted in a cloud) with an internal RTC System. As the systems have no direct connection I'm using a runner which is called inside the internal network.
The runner invokes the following curl statement:
curl -X POST --data /net/XXX/fs0/ALM-actions-runner/_work/_temp/_github_workflow/event.json "$RTC_GITHUB_ENDPOINT" -H "Content-Type: application/json" -H "x-github-event: push"
But I always receive a HTTP 403 as a response. So my question why does calling the URL not work?
GIT Access is granted in RTC. I've also tried it with a functional user. And I tried using a secret but for this my question would be how to pass the secret to the Git WebHook? What is the proper parameter name for it? I've tried several ones but nothing had worked.
E.g. curl -X POST --data $GITHUB_EVENT_PATH "$RTC_GITHUB_ENDPOINT" -H "$HEADER_CONTENT_TYPE" -H "$HEADER_GITHUB_EVENT" -H "X-Hub-Signature: sha1=MY_HASH"
Thanks for any help!
|
The question has been closed for the following reason: "The question is answered, right answer was accepted" by davidhoney Mar 16 '23, 5:50 a.m.
Accepted answer
One other answer
I found the root cause. Problem is the missing header X-Jazz-CSRF-Prevent with a valid JSessionID.
But the web hook call has no session and it should work without this header.
How can this behavior be changed? Comments Try a value such as "1" instead of the JSessionID.
Christian Sommerfeld
commented Mar 10 '23, 6:00 a.m.
I've already tried that but it only works with a valid JSessionID |