X-Git-Url: https://git.octo.it/?p=kraftakt.git;a=blobdiff_plain;f=kraftakt.go;fp=kraftakt.go;h=e2318e7fdf961d5ef64fa61d8448ed0de20b8fd4;hp=d53a3a35d810630f6d9e7979f00009fcb8af6f60;hb=bb0ee5050d834e438b67306c8e98d810478b3a08;hpb=b0b4324f51ba7658e5e97b294ebd8ab7008d8f2a

diff --git a/kraftakt.go b/kraftakt.go
index d53a3a3..e2318e7 100644
--- a/kraftakt.go
+++ b/kraftakt.go
@@ -258,9 +258,13 @@ func fitbitNotifyHandler(ctx context.Context, w http.ResponseWriter, r *http.Req
 	// Fitbit recommendation: "If signature verification fails, you should
 	// respond with a 404"
 	if !fitbit.CheckSignature(ctx, data, r.Header.Get("X-Fitbit-Signature")) {
-		log.Errorf(ctx, "signature mismatch")
-		w.WriteHeader(http.StatusNotFound)
-		return nil
+		/*
+			log.Errorf(ctx, "signature mismatch")
+			w.WriteHeader(http.StatusNotFound)
+			return nil
+		*/
+	} else {
+		log.Warningf(ctx, "TODO(octo): re-enable signature checking, see https://community.fitbit.com/t5/Web-API-Development/Push-notification-signatures-are-currently-invalid/m-p/2496159")
 	}
 
 	if err := delayedHandleNotifications.Call(ctx, data); err != nil {