Add Content-Type header application/json to webhook requests

[donstephan]

Hello!

• Vote on this issue by adding a 👍 reaction
• If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

When webhooks are sent with step-ca, no Content-Type header is added to the request. This should be Content-Type: application/json as stated in the webhook documentation here https://smallstep.com/docs/step-ca/webhooks/#requests. For more context, here is where headers are attached to a webhook request:

certificates/authority/provisioner/webhook.go

Line 135 in 1b2d999

func (w *Webhook) DoWithContext(ctx context.Context, client *http.Client, reqBody *webhook.RequestBody, data any) (*webhook.ResponseBody, error) {

Example headers received from a step-ca webhook:

Accept-Encoding	           gzip
Content-Length	           1810
Host	                                   xxx
User-Agent	                   Go-http-client/2.0
X-Forwarded-For	           xxx
X-Forwarded-Host	           xxx
X-Forwarded-Proto	           https
X-Request-Id	                   xxx
X-Smallstep-Signature	   xxx
X-Smallstep-Webhook-Id   xxx

Why is this needed?

This will make it easier for webhook consumers to parse the request body. This should not effect clients from validating webhook signatures properly.

Do note this could cause a issues for current webhook implementation depending on how clients are parsing the current requests. Adding the Content-Type header could cause the expected body to change if they have existing support for JSON body types.