Drafted with Claude, reviewed manually.
WebhookRawBodyMiddleware (#1668) makes the raw POST body reachable
inside DAG runs as WEBHOOK_PAYLOAD, but request headers are dropped
before the DAG sees the run.
Forwarding an allow-listed subset (e.g. via a per-DAG or base.yaml
forward_headers field) would unblock common webhook patterns:
Sketch on top of #1668:
webhook_middleware.go — capture allow-listed headers into ctxwebhooks.go::TriggerWebhook — append WEBHOOK_HEADERS=<json> to paramsapi/v1/api.yaml — document the new param
Authorization should never be forwardable.
Discussion context:
https://discord.com/channels/1095289480774172772/1409891877288939560/1497580577325453373
Happy to put up a PR.
Drafted with Claude, reviewed manually.
WebhookRawBodyMiddleware(#1668) makes the raw POST body reachableinside DAG runs as
WEBHOOK_PAYLOAD, but request headers are droppedbefore the DAG sees the run.
Forwarding an allow-listed subset (e.g. via a per-DAG or
base.yamlforward_headersfield) would unblock common webhook patterns:X-GitHub-Event/X-Gitea-EventX-GitHub-Delivery,Stripe-Idempotency-KeySketch on top of #1668:
webhook_middleware.go— capture allow-listed headers into ctxwebhooks.go::TriggerWebhook— appendWEBHOOK_HEADERS=<json>toparamsapi/v1/api.yaml— document the new paramAuthorizationshould never be forwardable.Discussion context:
https://discord.com/channels/1095289480774172772/1409891877288939560/1497580577325453373
Happy to put up a PR.