1414use Symfony \Component \HttpFoundation \ChainRequestMatcher ;
1515use Symfony \Component \HttpFoundation \HeaderBag ;
1616use Symfony \Component \HttpFoundation \Request ;
17+ use Symfony \Component \HttpFoundation \RequestMatcher \HeaderRequestMatcher ;
1718use Symfony \Component \HttpFoundation \RequestMatcher \IsJsonRequestMatcher ;
1819use Symfony \Component \HttpFoundation \RequestMatcher \MethodRequestMatcher ;
1920use Symfony \Component \HttpFoundation \RequestMatcherInterface ;
@@ -36,6 +37,11 @@ protected function getRequestMatcher(): RequestMatcherInterface
3637return new ChainRequestMatcher ([
3738new MethodRequestMatcher ('POST ' ),
3839new IsJsonRequestMatcher (),
40+ new HeaderRequestMatcher ([
41+ 'svix-id ' ,
42+ 'svix-timestamp ' ,
43+ 'svix-signature ' ,
44+ ]),
3945 ]);
4046 }
4147
@@ -72,14 +78,9 @@ protected function doParse(Request $request, #[\SensitiveParameter] string $secr
7278private function validateSignature (string $ payloadHeaderBag $ headersstring $ secretvoid
7379 {
7480$ secret$ this decodeSecret ($ secret
75-
76- if ($ headershas ('svix-id ' ) &&$ headershas ('svix-timestamp ' ) &&$ headershas ('svix-signature ' )) {
77- $ messageId$ headersget ('svix-id ' );
78- $ messageTimestampint )$ headersget ('svix-timestamp ' );
79- $ messageSignature$ headersget ('svix-signature ' );
80- }else {
81- throw new RejectWebhookException (406 ,'Missing required headers. ' );
82- }
81+ $ messageId$ headersget ('svix-id ' );
82+ $ messageTimestampint )$ headersget ('svix-timestamp ' );
83+ $ messageSignature$ headersget ('svix-signature ' );
8384
8485$ signature$ this sign ($ secret$ messageId$ messageTimestamp$ payload
8586$ expectedSignatureexplode (', ' ,$ signature2 )[1 ];