[Solved] WebHook reply content type returned as application/json despite explicitly setting text/html


I have a webhook workflow which I have explicity set the Content-Type to text/html, but it is being sent as Application/JSon.

The request is not being sent with any specific accept header.

In fact it seems I can set the content type header value to anything but text/html

If I set it to text/plan that will be sent. If I then set the content type back to text/html the value text/plain is still sent.



This is actually intentional behavior, see the Notes About Security on the Webhook Reply documentation. Essentially, since webhooks across every application all exist under the same domain triggers.losant.com, we have to take precautions to prevent people from using webhook replies to execute Cross-Site-Scripting attacks.

If you need to return text/html, we recommend using an Endpoint/Endpoint Reply. Since those are domain isolated on a per application basis, it isn’t a security risk to allow the returning of html.

Oh ok, understood. I missed the notes about security.

Will have a look at that.