arrow-left Back to announcements
DATE:
AUTHOR:
Ory Team
Ory Network

Headers in webhooks now based on an allow list

DATE:
AUTHOR: Ory Team

To streamline the data within webhooks we have removed all headers from ctx.request_headers of the webhook request context that do not match the following allow-list:

Accept

Accept-Encoding

Accept-Language

Content-Length

Content-Type

Origin

Priority

Referer

Sec-Ch-Ua

Sec-Ch-Ua-Mobile

Sec-Ch-Ua-Platform

Sec-Fetch-Dest

Sec-Fetch-Mode

Sec-Fetch-Site

Sec-Fetch-User

True-Client-Ip

User-Agent

See the Ory Documentation for more information.

Powered by LaunchNotes