From 8979085fb5dabc68e6b2174609bed89d9161f3c6 Mon Sep 17 00:00:00 2001
From: 0xsysr3ll <0xsysr3ll@pm.me>
Date: Sun, 14 Dec 2025 23:20:05 +0100
Subject: [PATCH] feat(webhook): add validation for Authorization header
 conflict

Signed-off-by: 0xsysr3ll <0xsysr3ll@pm.me>
---
 .../NotificationsWebhook/index.tsx            | 19 +++++++++++++++++++
 src/i18n/locale/en.json                       |  1 +
 2 files changed, 20 insertions(+)

diff --git a/src/components/Settings/Notifications/NotificationsWebhook/index.tsx b/src/components/Settings/Notifications/NotificationsWebhook/index.tsx
index a1fbaff2..4a915267 100644
--- a/src/components/Settings/Notifications/NotificationsWebhook/index.tsx
+++ b/src/components/Settings/Notifications/NotificationsWebhook/index.tsx
@@ -93,6 +93,8 @@ const messages = defineMessages(
     customHeadersKey: 'Header Name',
     customHeadersValue: 'Header Value',
     customHeadersIncomplete: 'All headers must have both name and value',
+    customHeadersAuthConflict:
+      'Cannot use both Authorization Header and custom Authorization header. Please remove one.',
     validationJsonPayloadRequired: 'You must provide a valid JSON payload',
     webhooksettingssaved: 'Webhook notification settings saved successfully!',
     webhooksettingsfailed: 'Webhook notification settings failed to save.',
@@ -156,6 +158,23 @@ const NotificationsWebhook = () => {
               (!header.value || !header.value.trim())
           );
         }
+      )
+      .test(
+        'auth-conflict',
+        intl.formatMessage(messages.customHeadersAuthConflict),
+        function (headers) {
+          const { authHeader } = this.parent;
+          if (!authHeader || !headers || headers.length === 0) return true;
+
+          const hasCustomAuthHeader = headers.some(
+            (header) =>
+              header.key &&
+              header.value &&
+              header.key.toLowerCase() === 'authorization'
+          );
+
+          return !hasCustomAuthHeader;
+        }
       ),
 
     jsonPayload: Yup.string()
diff --git a/src/i18n/locale/en.json b/src/i18n/locale/en.json
index b67623c9..c151682c 100644
--- a/src/i18n/locale/en.json
+++ b/src/i18n/locale/en.json
@@ -683,6 +683,7 @@
   "components.Settings.Notifications.NotificationsWebhook.authheader": "Authorization Header",
   "components.Settings.Notifications.NotificationsWebhook.customHeaders": "Custom Headers",
   "components.Settings.Notifications.NotificationsWebhook.customHeadersAdd": "Add Header",
+  "components.Settings.Notifications.NotificationsWebhook.customHeadersAuthConflict": "Cannot use both Authorization Header and custom Authorization header. Please remove one.",
   "components.Settings.Notifications.NotificationsWebhook.customHeadersIncomplete": "All headers must have both name and value",
   "components.Settings.Notifications.NotificationsWebhook.customHeadersKey": "Header Name",
   "components.Settings.Notifications.NotificationsWebhook.customHeadersRemove": "Remove",