  1. Statuspage
  2. STATUS-669

Issues with Webhook Subscription Management on Audience-Specific Pages


    • 1
    • Severity 3 - Minor

      Issue Summary

      At this time, when webhook subscriptions are allowed on Audience-Specific pages, users who log in can then press "Subscribe for Updates" and add a Webhook endpoint. They are also asked for an Email Address (to receive the "This Webhook failed" message if required). 

      Issues:

      For Users: 

      1. The user can add anyone's email address there, meaning that technically they can spam another person by adding webhook URLs they know will not work, ensuring that person will get failure emails from us.
        • Suggestion: The email address for a webhook on the Audience-Specific page should match the email of the user adding it.
      2. Once they add a webhook, there doesn't appear to be a way to remove that webhook through the GUI 
        • I.e. as a User of the page, logging in to <companystatus>.statuspage.io - there isn't a way to remove that webhook
      3. If someone else has created a webhook subscription and used your email address, you can't follow the unsubscribe link to unsubscribe; it requires the login of whoever created it.

      For Administrators: 

      1. There is no easy way to see and manage Webhook subscriptions as they are only listed under the User who added the subscription. For pages that have hundreds of users, this would mean the 
        • If an Admin needed to find and remove a "rogue" webhook, they would need to know which user registered it, so they can go in and remove it 

      Steps to Reproduce

      1. In an Audience-Specific page, allow Webhook Subscriptions, log in as a user to the page and add a Subscription 
      2. As the user, attempt to administer the webhook via the user login page (i.e., remove it or change the components that send notifications there)
      3. As the admin, attempt to administer the webhook 

      Expected Results

      Have a way for both the user and the admins to easily administer webhooks. 

      Actual Results

      There are no easy ways to identify webhook subscriptions in Audience-Specific pages, or manage them.

      Workaround

      Currently, there is no known workaround for this behaviour. A workaround will be added here when available.

            Unassigned Unassigned
            tpavlovic Talar Pavlovic