diff --git a/src/routes/api/revalidate/+server.ts b/src/routes/api/revalidate/+server.ts index f473003..e1a7588 100644 --- a/src/routes/api/revalidate/+server.ts +++ b/src/routes/api/revalidate/+server.ts @@ -7,7 +7,8 @@ import { invalidateAll, invalidateCollection } from '$lib/cms'; * RustyCMS Webhook Receiver. * * Erwartet Payload mit `event` (z.B. "content.updated") und optional `collection` + `slug`. - * Auth via X-Revalidate-Token Header (shared secret aus REVALIDATE_TOKEN env var). + * Auth via X-Revalidate-Token Header, X-Webhook-Secret Header oder ?token=… + * Query-Param (shared secret aus REVALIDATE_TOKEN env var). * Purged TTL-Cache: per-collection wenn collection bekannt, sonst komplett. */ @@ -24,7 +25,9 @@ export const POST: RequestHandler = async ({ request, url }) => { throw error(500, 'REVALIDATE_TOKEN not configured'); } const provided = - request.headers.get('x-revalidate-token') ?? url.searchParams.get('token'); + request.headers.get('x-revalidate-token') ?? + request.headers.get('x-webhook-secret') ?? + url.searchParams.get('token'); if (provided !== token) { throw error(401, 'invalid token'); }