1414use Symfony \Component \HttpFoundation \ChainRequestMatcher ;
1515use Symfony \Component \HttpFoundation \HeaderBag ;
1616use Symfony \Component \HttpFoundation \Request ;
17+ use Symfony \Component \HttpFoundation \RequestMatcher \HeaderRequestMatcher ;
1718use Symfony \Component \HttpFoundation \RequestMatcher \IsJsonRequestMatcher ;
1819use Symfony \Component \HttpFoundation \RequestMatcher \MethodRequestMatcher ;
1920use Symfony \Component \HttpFoundation \RequestMatcherInterface ;
@@ -36,6 +37,11 @@ protected function getRequestMatcher(): RequestMatcherInterface
3637 return new ChainRequestMatcher ([
3738 new MethodRequestMatcher ('POST ' ),
3839 new IsJsonRequestMatcher (),
40+ new HeaderRequestMatcher ([
41+ 'svix-id ' ,
42+ 'svix-timestamp ' ,
43+ 'svix-signature ' ,
44+ ]),
3945 ]);
4046 }
4147
@@ -72,14 +78,9 @@ protected function doParse(Request $request, #[\SensitiveParameter] string $secr
7278 private function validateSignature (string $ payloadHeaderBag $ headersstring $ secretvoid
7379 {
7480 $ secret$ this decodeSecret ($ secret
75-
76- if ($ headershas ('svix-id ' ) && $ headershas ('svix-timestamp ' ) && $ headershas ('svix-signature ' )) {
77- $ messageId$ headersget ('svix-id ' );
78- $ messageTimestampint ) $ headersget ('svix-timestamp ' );
79- $ messageSignature$ headersget ('svix-signature ' );
80- } else {
81- throw new RejectWebhookException (406 , 'Missing required headers. ' );
82- }
81+ $ messageId$ headersget ('svix-id ' );
82+ $ messageTimestampint ) $ headersget ('svix-timestamp ' );
83+ $ messageSignature$ headersget ('svix-signature ' );
8384
8485 $ signature$ this sign ($ secret$ messageId$ messageTimestamp$ payload
8586 $ expectedSignatureexplode (', ' , $ signature2 )[1 ];
0 commit comments