Oh, sorry Rando, I am focusing on this thread when I comment about ânobody else has mentionedâ, so hopefully that helps clear up your confusion on what I mean. My comments here are about this thread and this boilerplate stripe integration, Not the Bubble forum at large.
But not used in this boilerplate, nor mentioned in this thread. Why didnât you mention it if it is âwidely recommendedâ and a good practice as an extra security measure when you saw that George did not include it in his Stripe webhooks?
No it is not, because of course you fail to comprehend that the entire statement should be taken together and not just taking out of context small sentences. The parrot also said ânaive spoofing of an HTTPS webhook is GENERALLY not possibleâ. Why do you fail to read words like generally or possible or probable? They have meanings and should be understood. That fact that it generally is not possible, does actually mean, in fact, it is possible, which is why it says to use the allow list as secondary control.
@randomanon are you the new strawman? Backend workflows: In what situations do you allow to run without authentication? - #19 by randomanon