What happened?
Signature verification using @octokit/webhooks fails when the webhook payload contains multibyte UTF-8 characters (e.g., emojis like 😊)
const signature = req.headers['x-hub-signature-256'];
try {
// Validate the signature using the raw body
const isValid = await webhooks.verify(req.rawBody.toString(), signature);
if (!isValid) {
logger.error('Invalid signature');
return res.status(401).send('Invalid signature');
}
console.log('✅ Valid webhook signature');
res.sendStatus(200);
} catch (err) {
console.error('Error verifying signature:', err);
res.sendStatus(500);
}Versions
octokit/webhooks - 13.3.0
node version - v20
Relevant log output
Code of Conduct
What happened?
Signature verification using @octokit/webhooks fails when the webhook payload contains multibyte UTF-8 characters (e.g., emojis like 😊)
Versions
octokit/webhooks - 13.3.0
node version - v20
Relevant log output
Code of Conduct