Add sensitive headers (#3429)

* Add HeaderWithSensitiveCase methods to respect casing * Update webhook.go
2025-11-04 08:30:25 +08:00 · 2018-01-30 23:09:16 +01:00
parent d09704e903
commit b3fd94c13d
2 changed files with 8 additions and 2 deletions
--- a/models/webhook.go
+++ b/models/webhook.go
@@ -588,8 +588,8 @@ func (t *HookTask) deliver() {
 		Header("X-Gitea-Event", string(t.EventType)).
 		Header("X-Gogs-Delivery", t.UUID).
 		Header("X-Gogs-Event", string(t.EventType)).
-		Header("X-GitHub-Delivery", t.UUID).
-		Header("X-GitHub-Event", string(t.EventType)).
+		HeaderWithSensitiveCase("X-GitHub-Delivery", t.UUID).
+		HeaderWithSensitiveCase("X-GitHub-Event", string(t.EventType)).
 		SetTLSClientConfig(&tls.Config{InsecureSkipVerify: setting.Webhook.SkipTLSVerify})

 	switch t.ContentType {
--- a/modules/httplib/httplib.go
+++ b/modules/httplib/httplib.go
@@ -164,6 +164,12 @@ func (r *Request) Header(key, value string) *Request {
 	return r
 }

+// HeaderWithSensitiveCase add header item in request and keep the case of the header key.
+func (r *Request) HeaderWithSensitiveCase(key, value string) *Request {
+	r.req.Header[key] = []string{value}
+	return r
+}
+
 // Headers returns headers in request.
 func (r *Request) Headers() http.Header {
 	return r.req.Header