Commit graph

1 commit

Author SHA1 Message Date
Antoine Martin 7e3c8b8f28 lohr: validate webhook signature
Previously lohr was unusable in a production setting, anyone could forge
a malicious webhook and either:

- mirror a private repo of yours to another remote they own
- wipe a repo of yours by forcing mirroring from an empty mirror

This is no longer the case!
2021-03-30 11:33:42 +02:00