Fix regex pattern for webhook URL validation#613
Conversation
voytech-net
commented
Jan 7, 2026
- when using azure workflows, the generated URL has a query parameter with encoded forward slash
- the original regex pattern did not like this
- testing it with url https://prod-742.westeurope.logic.azure.com:443/workflows/9d2c41b7f8e54a3c9b0a4c2e6e71a8f3/triggers/When_an_HTTP_request_is_received/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2FWhen_an_HTTP_request_is_received%2Frun&sv=1.0&sig=Qm4nZ8pL2tVx7cRd1sYkH3aB9uE0iJ5wX6gN7hK8mPq makes this regex accept the webhook
- when using azure workflows, the generated URL has a query parameter with encoded forward slash - the original regex pattern did not like this
|
@voytech-net is attempting to deploy a commit to the Hookdeck Team on Vercel. A member of the Team first needs to authorize it. |
There was a problem hiding this comment.
Pull request overview
This PR fixes the webhook URL validation regex pattern to accept URLs with percent-encoded characters, specifically to support Azure Logic Apps workflow URLs that contain encoded forward slashes (e.g., %2F) in query parameters.
Key Changes
- Added
%character to the URL path regex pattern to allow percent-encoded characters in webhook URLs
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "description": "The URL to send webhook events to via HTTP POST", | ||
| "required": true, | ||
| "pattern": "^https?:\\/\\/[\\w\\-]+(?:\\.[\\w\\-]+)*(?::\\d{1,5})?(?:\\/[\\w\\-\\/\\.~:?#\\[\\]@!$&'\\(\\)*+,;=]*)?$" | ||
| "pattern": "^https?:\\/\\/[\\w\\-]+(?:\\.[\\w\\-]+)*(?::\\d{1,5})?(?:\\/[\\w\\-\\/\\.~:%:?#\\[\\]@!$&'\\(\\)*+,;=]*)?$" |
There was a problem hiding this comment.
The regex pattern contains a duplicate colon character. In the path portion of the pattern, the sequence ~:%:? should be ~:%?. The duplicate colon between % and ? is unnecessary and may cause unexpected behavior in URL validation.
| "pattern": "^https?:\\/\\/[\\w\\-]+(?:\\.[\\w\\-]+)*(?::\\d{1,5})?(?:\\/[\\w\\-\\/\\.~:%:?#\\[\\]@!$&'\\(\\)*+,;=]*)?$" | |
| "pattern": "^https?:\\/\\/[\\w\\-]+(?:\\.[\\w\\-]+)*(?::\\d{1,5})?(?:\\/[\\w\\-\\/\\.~:%?#\\[\\]@!$&'\\(\\)*+,;=]*)?$" |
| "description": "The URL to send webhook events to via HTTP POST", | ||
| "required": true, | ||
| "pattern": "^https?:\\/\\/[\\w\\-]+(?:\\.[\\w\\-]+)*(?::\\d{1,5})?(?:\\/[\\w\\-\\/\\.~:?#\\[\\]@!$&'\\(\\)*+,;=]*)?$" | ||
| "pattern": "^https?:\\/\\/[\\w\\-]+(?:\\.[\\w\\-]+)*(?::\\d{1,5})?(?:\\/[\\w\\-\\/\\.~:%:?#\\[\\]@!$&'\\(\\)*+,;=]*)?$" |
There was a problem hiding this comment.
The URL validation pattern has been updated to support percent-encoded characters (like %2F for forward slashes in Azure workflow URLs), but there are no tests verifying that URLs with percent-encoded characters are accepted. Consider adding a test case that validates a URL with percent-encoded characters, such as the Azure workflow URL mentioned in the PR description, to ensure the regex change works as intended and prevent regressions.
|
hi @voytech-net, thank you so much for your contribution, this work is merged in #619 as we needed to apply this same RegEx to other destinations as well |