Grist-core vers. 1.2.1. Downloading a document does not save webhook settings. In fact importing the exported document, the webhook setting cards are missing.
I think there’s an issue with secrets. A part of the webhook settings is treated as effectively a credential and deliberately not stored with the document. You could push back against this design choice, there was a lot of back and forth on it at the time of implementation, but I believe that’s the reason for the behavior you’re seeing.
True, but if it’s the owner requesting the download it should be allowed. We should also consider that the document itself could have lots of sensitive data therefore downloading should be, totally, denied for security reasons.