Vulnerability in EPiServer.Forms
Is there a way to select a webhook URL based on the form type when the form is submitted? Let me give you a quick breakdown of what I am trying to achieve.
We are currently using a number of shared form across our business site. Each form is for a different department. We have an initial selection factory that allows the end user to select the form they would like to use. Within each form, we have added the same webook url so that everything sends to the same location.
What the business would like now is to keep that original webhook url in place as the form is shared, provide a way to add additional webhook urls to the sitepages that contain the forms so they can be referenced and override the current webhook within the form.
I've been able to create the new properties for the webhook urls and I am able to reference them at the time of form submission by creating a custom actor that inherits from CallWebhookAfterSubmissionActor.
The issue I am having is the actual override of the current webhook with the dynamic one. I have spent hours researching and the closest article I have been able to find that relates to what I am trying to do is:
The issue is that he is using the ContentEventArgs as he is creating the webhook when the content is published which i am not doing. I'd like to just reference the correct dynamic webhook, intercept before POST, and override the webhook.
I apologize as Episerver Forms is new to me and I am still learning it's ins and outs.
No, the form just submits to the webhook irrespective of the data.
The best options is to create a custom actor https://docs.developers.optimizely.com/content-management-system/v1.2.0-forms/docs/implementing-a-customized-actor which is what the webhook is, you can decompile and look at the CallWebhookAfterSubmissionActor to get an idea how it works and could invent inherit from it to create your own overrides potentially.