fix(webhook): use 403 not 500 for missing-secret rejection

Operator misconfiguration is a client/setup error, not an internal server
exception. 403 "forbidden" more accurately reflects "this route refuses
to authenticate" than 500 "internal server error" — the latter triggers
incident alerting on operator monitoring and conflates real bugs with
config drift.

Follow-up tweak to PR #29629 by @m0n3r0.
teknium1 2026-05-24 04:47:06 -07:00 committed by Teknium
parent dbf73e90fa
commit 15aa6884a2
2 changed files with 2 additions and 2 deletions

@ -391,7 +391,7 @@ class WebhookAdapter(BasePlatformAdapter):
)
return web.json_response(
{"error": "Webhook route is missing an HMAC secret"},
status=500,
status=403,
)
if secret != _INSECURE_NO_AUTH:
if not self._validate_signature(request, raw_body, secret):
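
Review bot: at the `status=403` line, the JSON body `{"error": "Webhook route is missing an HMAC secret"}` still tells an unauthenticated sender that this route has no secret configured, and with the 500 gone the operator's monitoring no longer flags it. Consider returning a generic error body here and confirming that the call closing just above `return web.json_response(` records the route at warning level or higher, so the misconfiguration stays visible to the operator rather than to the caller. The commit lists 2 changed files but only this hunk is shown, so it is not possible to tell from here whether a test pinning the status code was updated alongside it.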