Skip to content

Forward the request correlation id header in the legacy dispatchWebhook wrapper in src/webhooks/dispatcher.ts #502

Description

@Jagadeeshftw

📌 Description

The backwards-compat dispatchWebhook() helper in src/webhooks/dispatcher.ts (around lines 378-388) sends outbound webhook headers but omits the correlation-id header even when correlation context is available. The main delivery path propagates the correlation id, so legacy callers create a gap in end-to-end tracing for those deliveries.

💡 Why it matters: Inconsistent correlation propagation breaks request tracing for any code still using the legacy wrapper, making incident triage harder.

🧩 Requirements and context

  • Add the correlation-id header (matching the constant used on the main path) to outbound headers in dispatchWebhook().
  • Reuse the existing header constant rather than hardcoding the name.
  • Preserve all existing headers (signature, content-type, etc.).
  • Add a test asserting the correlation header is present on the legacy path.

Non-functional requirements

  • Must be secure, tested, and documented.
  • Should be efficient and easy to review.

🛠️ Suggested execution

1. Fork the repo and create a branch

git checkout -b fix/dispatchwebhook-correlation-header

2. Implement changes

  • Write/modify the relevant source: src/webhooks/dispatcher.ts
  • Write comprehensive tests: src/webhooks/dispatcher.test.ts
  • Add documentation: inline TSDoc
  • Include TSDoc doc comments
  • Validate security assumptions: header carries only the correlation id

3. Test and commit

  • Run tests:
npm test
  • Cover edge cases: correlation present, correlation absent
  • Include test output and security notes in the PR description.

Example commit message

fix(webhooks): propagate correlation id in legacy dispatchWebhook

✅ Acceptance criteria

  • Legacy dispatchWebhook sends the correlation header
  • Header name reuses the shared constant
  • Existing headers preserved
  • Test asserts header presence

🔒 Security notes

Ensure no additional sensitive context is leaked through the new header.

📋 Guidelines

  • Minimum 95% test coverage
  • Clear documentation
  • Timeframe: 96 hours

Metadata

Metadata

Assignees

Labels

GrantFox OSSGrantFox open-source programMaybe RewardedGrantFox: potentially rewarded contributionOfficial CampaignGrantFox official campaign issueStellar WaveIssues in the Stellar wave programbackendBackend service workbugBugobservabilityLogging / metrics / tracing

Type

Fields

No fields configured for Bug.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions