sharpetronics/stripe-ruby
1
0
Fork 0
mirror of https://github.com/stripe/stripe-ruby.git synced 2025-11-22 00:05:58 -05:00
Code Issues Projects Releases Wiki Activity

Add comment so the post-verify parse change doesn't regress

Browse Source
This commit is contained in:
Brandur 2017-08-18 10:13:54 -07:00
parent a19dfed759
commit aa5ef2f7ff
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/stripe/webhook.rb
View File

@ -9,6 +9,11 @@ module Stripe
def self.construct_event(payload, sig_header, secret, tolerance: DEFAULT_TOLERANCE)
Signature.verify_header(payload, sig_header, secret, tolerance: tolerance)
# It's a good idea to parse the payload only after verifying it. We use
# `symbolize_names` so it would otherwise be technically possible to
# flood a target's memory if they were on an older version of Ruby that
# doesn't GC symbols. It also decreases the likelihood that we receive a
# bad payload that fails to parse and throws an exception.
data = JSON.parse(payload, symbolize_names: true)
Event.construct_from(data)
end