clerk-sdk-ruby 2.0.0 → 2.0.4

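--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 101f319b542b23eb2764f9b39179ad588093a0bd0fb2b8ca2a4efa38c3c4eb0d
- data.tar.gz: 510741253965164102b7efb2e3877fd150c4ad447cb78966cf6d1e30196462d3
+ metadata.gz: e443f464076d7d267af214c5e2d12847aec0bf5bac6e80479736d02fbf92a8ae
+ data.tar.gz: a3b0457f1402594db56968d7af4e6dcc4674276f248083aad09f278530b22d57
  SHA512:
- metadata.gz: 3cb5e38de99149778a0dfbb342a4b835fba0b1c29c2a44648ad0403d75160cbe23b384c15078623f6ff2d07a851a90516826ca6a8cdc583fe29cdc1d56b3c845
- data.tar.gz: 6dfc4009ec233845bf92b9a08be14a4e2f8ec3374ef0ffa717cf668e4479fdc4ae838e3797a6721eb1a328acacd27c3f538f477dec68f772da3ca074b14d17ff
+ metadata.gz: dfb091cbe8eb5a88881db5294927eb849d20e8f802a6cac697f8c865328a5a29afe69e3467eb1c8aea74265f96ce8d4ca0d93d1533513c0c6f6aad1e32537463
+ data.tar.gz: 66e0af91ac94339b1b10f4507b936b9c38083cd1f5a9deb69cccfd8177e44c08f65d838e9bc00e8c543ac9396fffa19da7243eeb271ae203c3d2856ee3c5ba5f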
@@ -66,7 +66,8 @@ module Clerk
66
66
  @env = env
67
67
  @req = Rack::Request.new(env)
68
68
  @env["clerk"] = ProxyV2.new
69
- @header_token = @req.env["HTTP_AUTHORIZATION"]&.strip
69
+ @header_token = @req.env["HTTP_AUTHORIZATION"]
70
+ @header_token = @header_token.strip.sub(/\ABearer /, '') if @header_token
70
71
  @cookie_token = @req.cookies["__session"]
71
72
  @client_uat = @req.cookies["__client_uat"]
72
73
 
@@ -147,8 +148,21 @@ module Clerk
147
148
  end
148
149
 
149
150
  def cross_origin_request?(req)
151
+ # origin contains scheme+host and optionally port (ommitted if 80 or 443)
152
+ # ref. https://www.rfc-editor.org/rfc/rfc6454#section-6.1
150
153
  origin = req.env["HTTP_ORIGIN"]
151
- origin && origin != req.host
154
+ return false if origin.nil?
155
+
156
+ # strip scheme
157
+ origin = origin.strip.sub(/\A(\w+:)?\/\//, '')
158
+ return false if origin.empty?
159
+
160
+ # Rack's host and port helpers are reverse-proxy-aware; that
161
+ # is, they prefer the de-facto X-Forwarded-* headers if they're set
162
+ request_host = req.host
163
+ request_host << ":#{req.port}" if req.port != 80 && req.port != 443
164
+
165
+ origin != request_host
152
166
  end
153
167
 
154
168
  def verify_token(token)
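Review bot: In cross_origin_request? the scheme is stripped from the Origin header before the comparison, so `http://app.example` and `https://app.example` are treated as the same origin, although RFC 6454 (cited in the new comment) makes the scheme part of the origin; the port test likewise drops 80 and 443 without looking at `req.scheme`. If callers rely on this predicate for a security decision (they are outside the hunk), comparing the whole origin is stricter, for example `origin.strip.downcase != req.base_url.downcase`, provided the proxy forwards the original scheme. Separately, `request_host << ":#{req.port}"` appends in place to the string returned by `req.host`; `request_host = "#{req.host}:#{req.port}"` avoids mutating a value Rack may share or freeze. Because Rack prefers the X-Forwarded-* values here, the comment should also say that the deployment must have its proxy overwrite those headers, otherwise the client chooses the host being compared.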
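--- a/data/lib/clerk/version.rb
+++ b/data/lib/clerk/version.rb
@@ -1,5 +1,5 @@
  # frozen_string_literal: true
 
  module Clerk
- VERSION = "2.0.0"
+ VERSION = "2.0.4"
  end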
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: clerk-sdk-ruby
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.0
4
+ version: 2.0.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Clerk
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2021-10-21 00:00:00.000000000 Z
11
+ date: 2021-10-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: faraday