Docs: clean up "securing webhooks"

* "SSL" --> "https"
* "authorization" --> "authentication"
  (e.g., "HTTP basic authentication" -- except when referring
  specifically to the HTTP "Authorization" header used to send it)
* add a sidebar with more details on why it matters
medmunds
2018-03-07 12:19:38 -08:00
parent e3f986df8f
commit ae8484fd65
2 changed files with 48 additions and 19 deletions

@@ -269,14 +269,14 @@ Set to `True` to ignore these problems and send the email anyway. See
.. rubric:: WEBHOOK_SECRET
A `'random:random'` shared secret string. Anymail will reject incoming webhook calls
from your ESP that don't include this authorization. You can also give a list of
from your ESP that don't include this authentication. You can also give a list of
shared secret strings, and Anymail will allow ESP webhook calls that match any of them
(to facilitate credential rotation). See :ref:`securing-webhooks`.
Default is unset, which leaves your webhooks insecure. Anymail
will warn if you try to use webhooks without a shared secret.
This is actually implemented using HTTP basic authorization, and the string is
This is actually implemented using HTTP basic authentication, and the string is
technically a "username:password" format. But you should *not* use any real
username or password for this shared secret.
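
Review bot: In the first WEBHOOK_SECRET paragraph, "don't include this authentication" reads awkwardly after the rename because "this" no longer has a clear referent; "that don't include this shared secret" would say the same thing directly. The closing paragraph says the secret is sent using HTTP basic authentication, which only base64-encodes the value, so this entry should state that the webhook URL needs to be https rather than leaving that entirely to the securing-webhooks reference. The `'random:random'` placeholder would also benefit from a word on how long or how random each half should be, since the text only says not to use a real username or password.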