clerk-sdk-ruby 2.0.0 → 2.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/clerk/rack_middleware_v2.rb +16 -2
  3. data/lib/clerk/version.rb +1 -1
  4. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 101f319b542b23eb2764f9b39179ad588093a0bd0fb2b8ca2a4efa38c3c4eb0d
4
- data.tar.gz: 510741253965164102b7efb2e3877fd150c4ad447cb78966cf6d1e30196462d3
3
+ metadata.gz: e443f464076d7d267af214c5e2d12847aec0bf5bac6e80479736d02fbf92a8ae
4
+ data.tar.gz: a3b0457f1402594db56968d7af4e6dcc4674276f248083aad09f278530b22d57
5
5
  SHA512:
6
- metadata.gz: 3cb5e38de99149778a0dfbb342a4b835fba0b1c29c2a44648ad0403d75160cbe23b384c15078623f6ff2d07a851a90516826ca6a8cdc583fe29cdc1d56b3c845
7
- data.tar.gz: 6dfc4009ec233845bf92b9a08be14a4e2f8ec3374ef0ffa717cf668e4479fdc4ae838e3797a6721eb1a328acacd27c3f538f477dec68f772da3ca074b14d17ff
6
+ metadata.gz: dfb091cbe8eb5a88881db5294927eb849d20e8f802a6cac697f8c865328a5a29afe69e3467eb1c8aea74265f96ce8d4ca0d93d1533513c0c6f6aad1e32537463
7
+ data.tar.gz: 66e0af91ac94339b1b10f4507b936b9c38083cd1f5a9deb69cccfd8177e44c08f65d838e9bc00e8c543ac9396fffa19da7243eeb271ae203c3d2856ee3c5ba5f
data/lib/clerk/rack_middleware_v2.rb CHANGED
@@ -66,7 +66,8 @@ module Clerk
66
66
  @env = env
67
67
  @req = Rack::Request.new(env)
68
68
  @env["clerk"] = ProxyV2.new
69
- @header_token = @req.env["HTTP_AUTHORIZATION"]&.strip
69
+ @header_token = @req.env["HTTP_AUTHORIZATION"]
70
+ @header_token = @header_token.strip.sub(/\ABearer /, '') if @header_token
70
71
  @cookie_token = @req.cookies["__session"]
71
72
  @client_uat = @req.cookies["__client_uat"]
72
73
 
@@ -147,8 +148,21 @@ module Clerk
147
148
  end
148
149
 
149
150
  def cross_origin_request?(req)
151
+ # origin contains scheme+host and optionally port (ommitted if 80 or 443)
152
+ # ref. https://www.rfc-editor.org/rfc/rfc6454#section-6.1
150
153
  origin = req.env["HTTP_ORIGIN"]
151
- origin && origin != req.host
154
+ return false if origin.nil?
155
+
156
+ # strip scheme
157
+ origin = origin.strip.sub(/\A(\w+:)?\/\//, '')
158
+ return false if origin.empty?
159
+
160
+ # Rack's host and port helpers are reverse-proxy-aware; that
161
+ # is, they prefer the de-facto X-Forwarded-* headers if they're set
162
+ request_host = req.host
163
+ request_host << ":#{req.port}" if req.port != 80 && req.port != 443
164
+
165
+ origin != request_host
152
166
  end
153
167
 
154
168
  def verify_token(token)
data/lib/clerk/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Clerk
4
- VERSION = "2.0.0"
4
+ VERSION = "2.0.4"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: clerk-sdk-ruby
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.0
4
+ version: 2.0.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Clerk
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2021-10-21 00:00:00.000000000 Z
11
+ date: 2021-10-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: faraday