Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
a webhook request will return 403 because it's comparing http://domain/mailchimp/webhook/hash with http://domain/en/mailchimp/webhook/hash
i think we can do this access callback differently -- how about comparing reverse dns records?
Comment | File | Size | Author |
---|---|---|---|
#2 | mailchimp-webhookaccess-2003418-2.patch | 431 bytes | bc |
Comments
Comment #1
bc CreditAttribution: bc commentedone workaround is to add mailchimp/webhook/* to the list of excluded paths in the i18n_select configuration.
imo, a better option would be to have mailchimp module tell webhook to not translate its webhook paths.
Comment #2
bc CreditAttribution: bc commentedThis patch solves the issue by excluding base_url from the hash input key. I don't think this comprimises security because the other hash input key data is pretty darn unique to begin with.
Comment #3
levelos CreditAttribution: levelos commentedGood call, but this patch would need to update existing web hooks as well as effecting future ones.
Comment #3.0
levelos CreditAttribution: levelos commentedcorrect example url
Comment #4
amytswan CreditAttribution: amytswan at ThinkShout commented“And now our watch [for support of the 7.x-2.x version of the MailChimp module] has ended…” With the approaching deprecation of MailChimp’s API version 2.0, I’m sad to say we too must turn the page. This branch will become unsupported in early October and officially deprecated by the end of this year (2016).
Fret not! The 7.x-4.x and 8.x versions come highly recommended. Both are using Mailchimp’s new API 3.0 and are being actively maintained. If you find this issue still exists on either the 7.x-4.x or 8.x branches, let us know by opening a new ticket. “What is dead may never die, but rises again, harder and stronger!”