PayPal: Fail early on invalid webhook payload (#2528)

Co-authored-by: Raphael Michel <michel@rami.io>
2026-05-03 14:54:04 +00:00 · 2022-03-17 11:50:58 -04:00
parent 1b2ca87f2d
commit 5bde98e349
1 changed files with 2 additions and 0 deletions
--- a/src/pretix/plugins/paypal/views.py
+++ b/src/pretix/plugins/paypal/views.py
@@ -176,6 +176,8 @@ def webhook(request, *args, **kwargs):
    event_json = json.loads(event_body)

    # We do not check the signature, we just use it as a trigger to look the charge up.
+    if 'resource_type' not in event_json:
+        return HttpResponse("Invalid body, no resource_type given", status=400)
    if event_json['resource_type'] not in ('sale', 'refund'):
        return HttpResponse("Not interested in this resource type", status=200)