clerk-sdk-ruby 2.0.0 → 2.0.4
- checksums.yaml +4 -4
- data/lib/clerk/rack_middleware_v2.rb +16 -2
- data/lib/clerk/version.rb +1 -1
- metadata +2 -2
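--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e443f464076d7d267af214c5e2d12847aec0bf5bac6e80479736d02fbf92a8ae
+data.tar.gz: a3b0457f1402594db56968d7af4e6dcc4674276f248083aad09f278530b22d57
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: dfb091cbe8eb5a88881db5294927eb849d20e8f802a6cac697f8c865328a5a29afe69e3467eb1c8aea74265f96ce8d4ca0d93d1533513c0c6f6aad1e32537463
+data.tar.gz: 66e0af91ac94339b1b10f4507b936b9c38083cd1f5a9deb69cccfd8177e44c08f65d838e9bc00e8c543ac9396fffa19da7243eeb271ae203c3d2856ee3c5ba5f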
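--- a/data/lib/clerk/rack_middleware_v2.rb
+++ b/data/lib/clerk/rack_middleware_v2.rb
@@ -66,7 +66,8 @@ module Clerk
 @env = env
 @req = Rack::Request.new(env)
 @env["clerk"] = ProxyV2.new
-@header_token = @req.env["HTTP_AUTHORIZATION"]
+@header_token = @req.env["HTTP_AUTHORIZATION"]
+@header_token = @header_token.strip.sub(/\ABearer /, '') if @header_token
 @cookie_token = @req.cookies["__session"]
 @client_uat = @req.cookies["__client_uat"]
 
@@ -147,8 +148,21 @@ module Clerk
 end
 
 def cross_origin_request?(req)
+# origin contains scheme+host and optionally port (ommitted if 80 or 443)
+# ref. https://www.rfc-editor.org/rfc/rfc6454#section-6.1
 origin = req.env["HTTP_ORIGIN"]
-
+return false if origin.nil?
+
+# strip scheme
+origin = origin.strip.sub(/\A(\w+:)?\/\//, '')
+return false if origin.empty?
+
+# Rack's host and port helpers are reverse-proxy-aware; that
+# is, they prefer the de-facto X-Forwarded-* headers if they're set
+request_host = req.host
+request_host << ":#{req.port}" if req.port != 80 && req.port != 443
+
+origin != request_host
 end
 
 def verify_token(token)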
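Review bot: In `cross_origin_request?`, the final `origin != request_host` rests on `req.host` and `req.port`, which (per the added comment) prefer the X-Forwarded-* headers; unless a trusted proxy overwrites those headers they come from the client, so the same-origin decision depends on values the sender can set. The scheme is stripped before comparing, so an `http://` Origin and an `https://` request to the same host compare as same-origin, which is looser than the scheme/host/port tuple of the cited RFC 6454 section. I would state both assumptions in the method comment, for example `# assumes X-Forwarded-* is set only by a trusted proxy; the scheme is not compared`. Also, `request_host << ":#{req.port}"` appends in place to the string that `req.host` returned; building a new string with `request_host = "#{req.host}:#{req.port}"` under the same condition avoids relying on that string being mutable and unshared.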
data/lib/clerk/version.rb
CHANGED
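--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: clerk-sdk-ruby
 version: !ruby/object:Gem::Version
-version: 2.0.
+version: 2.0.4
 platform: ruby
 authors:
 - Clerk
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-10-
+date: 2021-10-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: faraday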