Replit Agent 630a585178 fix: webhook HMAC — Gitea sends raw hex, not sha256= prefixed ...

Gitea's X-Gitea-Signature header contains raw hex HMAC-SHA256.
GitHub's X-Hub-Signature-256 uses the sha256= prefix.
verifySignature now normalises both formats to raw hex before
timingSafeEqual comparison, so pushes from Gitea trigger deploys.

2026-03-20 21:55:04 +00:00

4.7 KiB

Raw Permalink Blame History

View Raw