diff --git a/.env.example b/.env.example
index 92b1d451..10206547 100644
--- a/.env.example
+++ b/.env.example
@@ -55,3 +55,5 @@ MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
 PASSPORT_CLIENT_ID=
 PASSPORT_CLIENT_SECRET=
+
+APP_DEPLOY_SECRET=
\ No newline at end of file
diff --git a/README.md b/README.md
index 52f56e2b..a0619cc9 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,7 @@
+### Demo & dev preview links
+* For visit demo version click here [demo.vuefilemanager.com](https://demo.vuefilemanager.com/)
+* For visit dev version click here [dev.vuefilemanager.com](https://dev.vuefilemanager.com/) (It's auto deployed dev branch. Can be unstable and not ready for production)
+
 ### Installation setup
 Run these commands to install vendors:
diff --git a/app/Http/Controllers/DeployController.php b/app/Http/Controllers/DeployController.php
index 783f0be5..e273d794 100644
--- a/app/Http/Controllers/DeployController.php
+++ b/app/Http/Controllers/DeployController.php
@@ -4,6 +4,9 @@ namespace App\Http\Controllers;
 use Illuminate\Http\Request;
 use Artisan;
+use Illuminate\Support\Facades\Log;
+use Illuminate\Validation\UnauthorizedException;
+use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 class DeployController extends Controller
 {
@@ -11,17 +14,31 @@ class DeployController extends Controller
 * Get web hook payload and verify request
 *
 * @param Request $request
+ * @return \Illuminate\Contracts\Routing\ResponseFactory|\Illuminate\Http\Response
 */
 public function deploy(Request $request)
 {
- $githubPayload = $request->getContent();
- $localToken = config('app.deploy_secret');
-
- $localHash = 'sha1=' . hash_hmac('sha1', $githubPayload, $localToken, false);
-
- if (hash_equals( $request->header('X-Hub-Signature'), $localHash)) {
-
- Artisan::call('deploy:production');
+ if (($signature = $request->headers->get('X-Hub-Signature')) == null) {
+ throw new BadRequestHttpException('Header not set');
 }
+
+ $signature_parts = explode('=', $signature);
+
+ if (count($signature_parts) != 2) {
+ throw new BadRequestHttpException('signature has invalid format');
+ }
+
+ $known_signature = hash_hmac('sha1', $request->getContent(), config('app.deploy_secret'));
+
+ if (! hash_equals($known_signature, $signature_parts[1])) {
+ throw new UnauthorizedException('Could not verify request signature ' . $signature_parts[1]);
+ }
+
+ // Run deploying
+ Artisan::call('deploy:production');
+
+ Log::info('The GitHub webhook was accepted');
+
+ return response('The GitHub webhook was accepted', 202);
 }
 }
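Review bot: The mismatch branch reflects the client-supplied `$signature_parts[1]` into the exception message, and `Illuminate\Validation\UnauthorizedException` is not an HTTP exception, so as far as I can tell the framework renders it as a 500 rather than a 401/403 and, with debug enabled, displays that attacker-controlled value. Throw an HTTP exception with a fixed message instead, `throw new AccessDeniedHttpException('Invalid webhook signature');` (from `Symfony\Component\HttpKernel\Exception`, alongside the `BadRequestHttpException` import already added), and use `Log::warning` for the rejection if the received value is needed for troubleshooting. The secret is also used unchecked: with `APP_DEPLOY_SECRET` left empty, as the new `.env.example` line shows, `hash_hmac` still yields a valid digest for the empty key, so an unconfigured deployment does not fail closed; guard it before computing `$known_signature` with `$secret = config('app.deploy_secret') ?: throw new \RuntimeException('deploy secret not configured');`. Minor points: `$signature_parts[0]` is never compared against `'sha1'`, and the `== null` and `!= 2` comparisons should be strict `=== null` / `!== 2`.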