From 3d4c513be972375c4768d9ee61fa383715667bd6 Mon Sep 17 00:00:00 2001
From: Krzysztof Wolski <krzysztof.k.wolski@gmail.com>
Date: Thu, 4 Aug 2022 12:27:45 +0200
Subject: [PATCH] Handle missing webhook signature header

---
 src/middleware.ts | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/middleware.ts b/src/middleware.ts
index d454028..4ca2ed7 100644
--- a/src/middleware.ts
+++ b/src/middleware.ts
@@ -72,6 +72,13 @@ export const withWebhookSignatureVerified =
 
     const { domain: saleorDomain, signature: payloadSignature } = getSaleorHeaders(request.headers);
 
+    if (!payloadSignature) {
+      return Response.BadRequest({
+        success: false,
+        message: "Missing payload signature.",
+      });
+    }
+
     if (secretKey !== undefined) {
       const calculatedSignature = crypto
         .createHmac("sha256", secretKey)