Apply suggestions from code review

Author: jnsdls

packages/thirdweb/src/bridge/Webhook.ts

@@ -27,22 +27,31 @@ export async function parse<T extends Record<string, unknown>>(
   tolerance = 300, // Default to 5 minutes if not specified
 ) {
   // Get the signature and timestamp from headers
+  // Normalize header keys to lowercase for broader compatibility
+  const lower = Object.fromEntries(
+    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]),
+  );
   const receivedSignature =
-    headers["x-payload-signature"] || headers["x-pay-signature"];
+    lower["x-payload-signature"] || lower["x-pay-signature"];
   const receivedTimestamp =
-    headers["x-timestamp"] || headers["x-pay-timestamp"];
-
+    lower["x-timestamp"] || lower["x-pay-timestamp"];
   if (!receivedSignature || !receivedTimestamp) {
     throw new Error("Missing required webhook headers: signature or timestamp");
   }
 
   // Verify timestamp
   const now = Math.floor(Date.now() / 1000);
   const timestamp = Number.parseInt(receivedTimestamp, 10);
+  if (Number.isNaN(timestamp)) {
+    throw new Error("Invalid webhook timestamp: must be a Unix epoch (seconds)");
+  }
   const diff = Math.abs(now - timestamp);
 
   if (diff > tolerance) {
     throw new Error(
+      // …
+    );
+  }
       `Webhook timestamp is too old. Difference: ${diff}s, tolerance: ${tolerance}s`,
     );
   }