Important reminder (Potential Breaking Change)
Aug 2024
Aug 21, 2024
Go Version Upgrade & potential Webhook Signature breaking change
Background
We are doing Go version upgrade. As part of the update, our system will handle special characters according to the RFC 8259 standard. This change aim to reduce the chance of signature mismatches and enhance the reliability of webhook interactions.
Scope of Impact & Description of Changes
Scope of Impact:
The special character handling logic of webhook signatures, which is used to verify that the payload is sent by SHOPLINE.
Description of Changes:
- After upgrading to the new Go version, Go will follow the RFC8259 standard for handling special characters.
- As part of this update, the system will add support for the \b and \f characters. This means that our system will handle all five control characters (\b, \f, \n, \r, \t) according to the RFC8259 standard.
Summary Table
Aspect | As is | To be |
---|---|---|
Special Character Handling & Signature Verification | Special characters are not always handled according to RFC 8259. For example, a payload containing special characters like \b and \f was previously not handled according to the RFC8259 standard. Risk of incorrect handling of special characters can cause signature mismatches, affecting verification. | With the new Go version, special characters \b and \f will also be consistently handled and escaped according to RFC 8259. Aligning to the same standard ensures the correct handling and therefore accurate signature verification, preventing mismatches. |
Example for illustration | For example, content with \b would be converted to \u0008. | For example, content with \b will be retained as-is, without conversion. |
Suggestion / Action Item
Review if these changes could affect your system logic & ensure that the handling of special characters in webhook signatures' JSON payloads is based on RFC 8259 in order to avoid this risk of signature mismatches.
Updated 2 months ago