When checking call is coming from twilio account for path prefix being stripped by a server earlier in the chain (#290)

2022-07-26 09:43:39 -06:00 · 2022-07-26 09:43:39 -06:00 · 6a2ffa9432
commit 6a2ffa9432
parent 879e157f05
1 changed files with 3 additions and 1 deletions
--- a/engine/apps/twilioapp/views.py
+++ b/engine/apps/twilioapp/views.py
@ -10,6 +10,7 @@ from twilio.request_validator import RequestValidator

 from apps.base.utils import live_settings
 from apps.twilioapp.utils import process_call_data
+from common.api_helpers.utils import create_engine_url

 logger = logging.getLogger(__name__)

@ -19,8 +20,9 @@ class AllowOnlyTwilio(BasePermission):
        # https://www.twilio.com/docs/usage/tutorials/how-to-secure-your-django-project-by-validating-incoming-twilio-requests
        # https://www.django-rest-framework.org/api-guide/permissions/
        validator = RequestValidator(live_settings.TWILIO_AUTH_TOKEN)
+        location = create_engine_url(request.get_full_path())
        request_valid = validator.validate(
-            request.build_absolute_uri(), request.POST, request.META.get("HTTP_X_TWILIO_SIGNATURE", "")
+            request.build_absolute_uri(location=location), request.POST, request.META.get("HTTP_X_TWILIO_SIGNATURE", "")
        )
        return request_valid