From 6a2ffa943234d89888389cd6428e7500514efe07 Mon Sep 17 00:00:00 2001
From: Michael Derynck <michael.derynck@grafana.com>
Date: Tue, 26 Jul 2022 09:43:39 -0600
Subject: [PATCH] When checking call is coming from twilio account for path
 prefix being stripped by a server earlier in the chain (#290)

---
 engine/apps/twilioapp/views.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/engine/apps/twilioapp/views.py b/engine/apps/twilioapp/views.py
index 14d3756b..31bd4b52 100644
--- a/engine/apps/twilioapp/views.py
+++ b/engine/apps/twilioapp/views.py
@@ -10,6 +10,7 @@ from twilio.request_validator import RequestValidator
 
 from apps.base.utils import live_settings
 from apps.twilioapp.utils import process_call_data
+from common.api_helpers.utils import create_engine_url
 
 logger = logging.getLogger(__name__)
 
@@ -19,8 +20,9 @@ class AllowOnlyTwilio(BasePermission):
         # https://www.twilio.com/docs/usage/tutorials/how-to-secure-your-django-project-by-validating-incoming-twilio-requests
         # https://www.django-rest-framework.org/api-guide/permissions/
         validator = RequestValidator(live_settings.TWILIO_AUTH_TOKEN)
+        location = create_engine_url(request.get_full_path())
         request_valid = validator.validate(
-            request.build_absolute_uri(), request.POST, request.META.get("HTTP_X_TWILIO_SIGNATURE", "")
+            request.build_absolute_uri(location=location), request.POST, request.META.get("HTTP_X_TWILIO_SIGNATURE", "")
         )
         return request_valid