Return 403 if request signatures do not matchv0.2.0

author: Grégoire Duchêne <gduchene@awhk.org> 2021-04-04 21:29:15 +0100
committer: Grégoire Duchêne <gduchene@awhk.org> 2021-04-04 21:29:15 +0100
commit: 7ca3866a865ee8e654bbabaaed22c0ad97a7d39d (patch)
tree: f4ad54335be866374f78be9b85b9454beb77b6de /pkg/twilio/filter.go
parent: a0c7202e467de1fc97abd8ada55959e8842de525 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/pkg/twilio/filter.go b/pkg/twilio/filter.go
index 7d5f6b5..90e84cc 100644
--- a/pkg/twilio/filter.go
+++ b/pkg/twilio/filter.go
@@ -67,7 +67,11 @@ func (th *Filter) CheckRequestSignature(r *http.Request) error {
 func (th *Filter) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	if err := th.CheckRequestSignature(r); err != nil {
 		log.Println("Failed to check Twilio signature:", err)
-		w.WriteHeader(http.StatusBadRequest)
+		if err == ErrSignatureMismatch {
+			w.WriteHeader(http.StatusForbidden)
+		} else {
+			w.WriteHeader(http.StatusBadRequest)
+		}
 		return
 	}
 	th.Handler.ServeHTTP(w, r)
author	Grégoire Duchêne <gduchene@awhk.org>	2021-04-04 21:29:15 +0100
committer	Grégoire Duchêne <gduchene@awhk.org>	2021-04-04 21:29:15 +0100
commit	7ca3866a865ee8e654bbabaaed22c0ad97a7d39d (patch)
tree	f4ad54335be866374f78be9b85b9454beb77b6de /pkg/twilio/filter.go
parent	a0c7202e467de1fc97abd8ada55959e8842de525 (diff)