twilio-csharp: twilio security not working on my .net core 3.0/3.1 application properly
I have implemented validation as per https://www.twilio.com/docs/usage/tutorials/how-to-secure-your-csharp-aspnet-core-app-by-validating-incoming-twilio-requests
I have my .net core 3.0 application where callback url is like https://mydomain.com:81/Twilio/TwilioAction
Request validator seems always rejecting the validation.
Same code with my other deployment where my address is like https://myotherdomain.com/Twilio/TwilioAction is working fine.
It looks like due to following implementation in twilio RequestValidator
private string RemovePort(UriBuilder uri)
{
// UriBuilder.ToString() will not display the port
// if the Port property is set to -1
uri.Port = -1;
return uri.ToString();
}
private string AddPort(UriBuilder uri)
{
if (uri.Port != -1)
{
return uri.ToString();
}
**uri.Port = uri.Scheme == "https" ? 443 : 80;**
return uri.ToString();
}
I have even upgraded to release 5.37.1 but issue still exists
About this issue
- Original URL
- State: open
- Created 5 years ago
- Reactions: 5
- Comments: 19 (7 by maintainers)
Hello @KamranShahid,
Thanks for bringing this to our attention!
This issue has been added to our internal backlog to be prioritized. Pull requests and +1s on the issue summary will help it move up the backlog.
With best regards,
Elmer
There are unit tests that verify such URLs. What I’m asking is what URL is actually being fed into the validator? From the validation example, the code looks like this:
Is this what your code is doing? If so, what’s the result?