Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature request] enable github verification in the git debug cli #23

Open
Nils-Schiwek opened this issue Jan 24, 2025 · 0 comments
Open

[Feature request] enable github verification in the git debug cli #23

Nils-Schiwek opened this issue Jan 24, 2025 · 0 comments
Labels
enhancement New feature or request

Comments

@Nils-Schiwek
Copy link

I understand as a security precaution the gh copilot extension services need to verify the gh payload and headers to make sure these are originating from github.
In my Typescript code, I would like to add this as a express middleware to the express endpoint code. Unfortunately this is exceptionally hard to test on a local environment. I would expect the github debug cli to include a valid signature in the correspondence as well. When debugging this locally github-public-key-signature and github-public-key-identifier headers are empty.

I did consider to only add the verifier middleware in a production environment, but this does not let me test the implementation.

Please provide a way to verify the gh payload locally.
@Nils-Schiwek Nils-Schiwek added the enhancement New feature or request label Jan 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Nils-Schiwek