> webhook secrets for webhooks you are responsible for were inadvertently included in an HTTP header on webhook deliveries
LOL how does this even happen?
Same reaction of mine as well. I mean, how do you even fck up this way? ... I dont know why, but, this is giving me vibe-coded vibes.
Developer might have prompted to include some signature (definitely they didn't use this word, or else AI would not have messed this way) to verify the webhooks as being coming from legitimate source, and AI probably went ahead with the secret key itself :)