0

I am trying to validate a Xero webhook for Invoice create and update. Here is my code:

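// Raw request body: the signature is computed over these exact bytes
$body = file_get_contents('php://input');
// Base64-encoded HMAC-SHA256 of the body, keyed with the webhook key
$yourHash = base64_encode(hash_hmac('sha256', $body, 'gDgLpn+xqX7ojhCEq5xx1viAyy6nEa4CMuiQxcXf9ctAoLkscnh/b1Y3002JjIEHOvOEt3MBvx1VLHh6lzaiAA==', true));
// Constant-time comparison; a missing header is treated as an empty signature
if (hash_equals($yourHash, $_SERVER['HTTP_X_XERO_SIGNATURE'] ?? ''))
{
    http_response_code(200);
}
else
{
    http_response_code(401);
}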

The error here is "Response contained a cookie". How can I remove this cookie from the response?

giraffe.guru
Logita Kurrey
  • I'm not into Xero, but I wonder: is it a requirement to get it in one line, or can you format your code better? – Cleptus May 17 '18 at 11:45

2 Answers

1

There is nothing in your code sample that is adding a cookie. Check that your HTTP server does not respond with cookies.

giraffe.guru
0

I resorted to adding

proxy_hide_header "Set-Cookie";

to a strongly filtered location section in my nginx configuration file.

You may require

fastcgi_hide_header "Set-Cookie";

I'm hoping this won't cause any issues down the track. Next you will need to remove the body from your response. My Response objects are

Response(status=200)
Response(status=401)

If you're serving with Apache I believe you can hide headers by editing the .htaccess file.

aeop
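An added example, not part of the original posts: a PHP endpoint that combines the signature check from the question with the two response requirements raised in the answers (no Set-Cookie header, no body). The function names and the XERO_WEBHOOK_KEY environment variable are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: true only if the header matches the base64 HMAC-SHA256
// of the raw body, keyed with the webhook key (same scheme as the question).
function xero_signature_valid(string $body, string $header, string $key): bool
{
    $expected = base64_encode(hash_hmac('sha256', $body, $key, true));
    // hash_equals compares in constant time, unlike == on strings
    return hash_equals($expected, $header);
}

// Hypothetical helper: send only a status line, with no cookie and no body.
function respond_bare(int $status): void
{
    // Drop cookies queued by PHP itself (session_start(), setcookie(),
    // a framework bootstrap or an auto-prepended file).
    header_remove('Set-Cookie');
    http_response_code($status);
    // Discard anything already buffered so the response body stays empty.
    while (ob_get_level() > 0 && ob_end_clean()) {
        // keep unwinding nested output buffers
    }
    exit;
}

// Assumption: the key is supplied through the environment, not the source file.
$key  = getenv('XERO_WEBHOOK_KEY') ?: '';
$body = (string) file_get_contents('php://input');
$sig  = $_SERVER['HTTP_X_XERO_SIGNATURE'] ?? '';

// Fail closed: a missing key or missing header yields 401.
$ok = $key !== '' && xero_signature_valid($body, $sig, $key);
respond_bare($ok ? 200 : 401);
```

header_remove() only affects headers PHP has queued; a cookie added by the web server or a proxy in front of PHP still has to be removed there, as the nginx directives above do.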