clerk-sdk-ruby 2.0.0 → 2.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/clerk/rack_middleware_v2.rb +16 -2
- data/lib/clerk/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e443f464076d7d267af214c5e2d12847aec0bf5bac6e80479736d02fbf92a8ae
|
4
|
+
data.tar.gz: a3b0457f1402594db56968d7af4e6dcc4674276f248083aad09f278530b22d57
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: dfb091cbe8eb5a88881db5294927eb849d20e8f802a6cac697f8c865328a5a29afe69e3467eb1c8aea74265f96ce8d4ca0d93d1533513c0c6f6aad1e32537463
|
7
|
+
data.tar.gz: 66e0af91ac94339b1b10f4507b936b9c38083cd1f5a9deb69cccfd8177e44c08f65d838e9bc00e8c543ac9396fffa19da7243eeb271ae203c3d2856ee3c5ba5f
|
@@ -66,7 +66,8 @@ module Clerk
|
|
66
66
|
@env = env
|
67
67
|
@req = Rack::Request.new(env)
|
68
68
|
@env["clerk"] = ProxyV2.new
|
69
|
-
@header_token = @req.env["HTTP_AUTHORIZATION"]
|
69
|
+
@header_token = @req.env["HTTP_AUTHORIZATION"]
|
70
|
+
@header_token = @header_token.strip.sub(/\ABearer /, '') if @header_token
|
70
71
|
@cookie_token = @req.cookies["__session"]
|
71
72
|
@client_uat = @req.cookies["__client_uat"]
|
72
73
|
|
@@ -147,8 +148,21 @@ module Clerk
|
|
147
148
|
end
|
148
149
|
|
149
150
|
def cross_origin_request?(req)
|
151
|
+
# origin contains scheme+host and optionally port (ommitted if 80 or 443)
|
152
|
+
# ref. https://www.rfc-editor.org/rfc/rfc6454#section-6.1
|
150
153
|
origin = req.env["HTTP_ORIGIN"]
|
151
|
-
|
154
|
+
return false if origin.nil?
|
155
|
+
|
156
|
+
# strip scheme
|
157
|
+
origin = origin.strip.sub(/\A(\w+:)?\/\//, '')
|
158
|
+
return false if origin.empty?
|
159
|
+
|
160
|
+
# Rack's host and port helpers are reverse-proxy-aware; that
|
161
|
+
# is, they prefer the de-facto X-Forwarded-* headers if they're set
|
162
|
+
request_host = req.host
|
163
|
+
request_host << ":#{req.port}" if req.port != 80 && req.port != 443
|
164
|
+
|
165
|
+
origin != request_host
|
152
166
|
end
|
153
167
|
|
154
168
|
def verify_token(token)
|
data/lib/clerk/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: clerk-sdk-ruby
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.0.
|
4
|
+
version: 2.0.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Clerk
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-10-
|
11
|
+
date: 2021-10-25 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: faraday
|