I am trying to validate a Xero webhook for Invoice create and update. Here is my code:
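// Read the raw request body; the signature is computed over these exact bytes.
$body = file_get_contents('php://input');
$yourHash = base64_encode(hash_hmac('sha256', $body, 'gDgLpn+xqX7ojhCEq5xx1viAyy6nEa4CMuiQxcXf9ctAoLkscnh/b1Y3002JjIEHOvOEt3MBvx1VLHh6lzaiAA==', true));
// Constant-time comparison; a missing signature header fails the check.
if (hash_equals($yourHash, $_SERVER['HTTP_X_XERO_SIGNATURE'] ?? ''))
{
    http_response_code(200);
}
else
{
    http_response_code(401);
}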
The error here is "Response contained a cookie". How can I remove this cookie from the response?
There is nothing in your code sample that is adding a cookie. Check that your HTTP server does not respond with cookies.
I resorted to adding
proxy_hide_header "Set-Cookie";
to a strongly filtered location section in my nginx configuration file.
You may require
fastcgi_hide_header "Set-Cookie";
I'm hoping this won't cause any issues down the track. Next you will need to remove the body from your response. My Response objects are
Response(status=200)
Response(status=401)
If you're serving with Apache I believe you can hide headers by editing the .htaccess file.
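The following is an added example, not code from any of the posts above: a minimal WSGI handler that performs the same base64 HMAC-SHA256 check as the PHP in the question and returns a bare 200 or 401 with no body and no Set-Cookie header, which is what the answers above work toward. The key value and the names `WEBHOOK_KEY`, `sign`, `app` and `call` are assumptions made for illustration; `call` only drives the handler with a constructed request so the response can be inspected offline.

```python
import base64
import hashlib
import hmac
import io

# Constructed placeholder (assumption); use your own webhook signing key here.
WEBHOOK_KEY = b"constructed-example-webhook-key"


def sign(raw_body: bytes, key: bytes = WEBHOOK_KEY) -> str:
    """Base64 HMAC-SHA256 over the raw request bytes, as in the question's PHP."""
    return base64.b64encode(hmac.new(key, raw_body, hashlib.sha256).digest()).decode()


def app(environ, start_response):
    """WSGI handler: 200 on a valid signature, 401 otherwise, nothing else."""
    try:
        length = int(environ.get("CONTENT_LENGTH") or 0)
    except ValueError:
        length = 0
    # Hash the bytes exactly as received, never a re-serialised copy of the JSON.
    raw_body = environ["wsgi.input"].read(length)
    received = environ.get("HTTP_X_XERO_SIGNATURE", "")
    # compare_digest is constant-time; a missing header simply fails the check.
    ok = hmac.compare_digest(sign(raw_body).encode(), received.encode())
    status = "200 OK" if ok else "401 Unauthorized"
    # Only Content-Length is sent: no Set-Cookie, and the body stays empty.
    start_response(status, [("Content-Length", "0")])
    return [b""]


def call(raw_body: bytes, signature: str):
    """Drive app() once with a constructed request; return (status, headers, body)."""
    seen = {}
    environ = {
        "REQUEST_METHOD": "POST",
        "CONTENT_LENGTH": str(len(raw_body)),
        "HTTP_X_XERO_SIGNATURE": signature,
        "wsgi.input": io.BytesIO(raw_body),
    }

    def start_response(status, headers):
        seen["status"], seen["headers"] = status, headers

    body = b"".join(app(environ, start_response))
    return seen["status"], dict(seen["headers"]), body
```

A session or framework middleware placed in front of a handler like this can still add cookies, so the header check is best repeated against the deployed endpoint.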