#imdavidmin-webhook signatures

@red dragon @late zodiac won't be around for a few hours, but I can pass it on(I looked at your thread a bit yesterday) if you found a solution to your problem

Yes, with Cloudflare Workers, the equivalent code to the one implemented in your node.js library for reading the payload (JSON body) is event.request.text() instead of what I used before event.request.json().
However, through debugging, I was trying to understand where exactly the two strings are different by copying the output from the console. I even reproduced this in a Node.js set up, where I've added a console.log(string_to_sign) to Stripe's library. Copying that output and sending it again as a JSON body locally using Postman generated a different signature. So whatever difference there is is very hard to spot.
Probably not a practical suggestion to be implemented given existing deployments, but if there ever was a v2 of signatures, maybe it will help to sign the parsed and stringified payload. This will make sure whatever invisible differences are not going to impact the signature generated and helps debugging.

it's probably whitespace

whatever way you copied it or that Postman formatted things probably stripped/added whitespace

I thought so as well but copying the console output should include all whitespaces and line breaks

When i posted again in postman the console output is again the same

the event body we send has significant whitespace, e.g. it has tab characters and spaces for the indentation of the JSON

yea the console output included those indentations and linebreaks

well something must have changed but it's hard to say

yea exactly, hard to say. hence my suggestion if signing ever changes for v2

yep I agree we should make this much better and my team spends a lot of time debugging signature problems like this unfortunately

it's just not a priority to revisit at the moment but we're well aware of the feedback