Provide refresh webhook headers in API NodePluginArgs

[Simply007]

Summary

Allow working with webhook's headers as well.
Extend NodePluginArgs with headers of the webhook (currently only NodePluginArgs.webhookBody is available).

Basic example

The common practice using webhook is to validate the signature to prevent faking the webhooks.
The signature is commonly sent as a part of the headers of the request.

I.e. Headless CMS Kentico Kontent webhooks notification docs.

To be able to validate that hash/signature, it would be great to have the data accessible in NodePluginArgs.

Motivation

That could prevent to mock refresh webhooks and potentially protect Gatsby Cloud for some DDoS attacks.

[github-actions[bot]]

Hiya!

This issue has gone quiet. Spooky quiet. 👻

We get a lot of issues, so we currently close issues after 30 days of inactivity. It’s been at least 20 days since the last update here.
If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!
As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request. Check out gatsby.dev/contribute for more information about opening PRs, triaging issues, and contributing!

Thanks for being a part of the Gatsby community! 💪💜

[Simply007]

@vladar - any update on this?

[vladar]

Want to prepare a PR for this? I think simple passing webhookHeaders along with webhookBody should be enough?

[Simply007]

Yeap - it could do that.

I checked the occurrences if webhookBody in code and it looks quite OK to add the functionality there.

I might need some guidance on e2e tests and integration ones.

[Simply007]

There is a draft pull request with the implementation:

• feat(gatsby): provide refresh webhook headers in API #24430