clerk-sdk-ruby 2.0.1 → 2.0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/clerk/rack_middleware_v2.rb +14 -1
- data/lib/clerk/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 14a199089622ba34863506e79d0dc93dfe86f88c7d1d2c2543bb6b15fb5fd927
|
4
|
+
data.tar.gz: 58e580b74208bcc0da98492257975c9d155c39b0e1c9c1704fae04e9cbeec57e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 2dec6b419ca2398552cfb9806b046acee03a5440d122e53fac73446863f52c04d1ffc5009fa3458d88774092b79de2d603b10fc5beb7b3ab6124a0137e2aa679
|
7
|
+
data.tar.gz: d92a5e3dbf790b9ad0459f3c209ab2721077075bd9c574523b4ce6f7b2f8d7b1023fcf33aa9f21572215db63eb270c1f68e51cd2d5ed501206ff664c1e5d6e25
|
@@ -147,8 +147,21 @@ module Clerk
|
|
147
147
|
end
|
148
148
|
|
149
149
|
def cross_origin_request?(req)
|
150
|
+
# origin contains scheme+host and optionally port (ommitted if 80 or 443)
|
151
|
+
# ref. https://www.rfc-editor.org/rfc/rfc6454#section-6.1
|
150
152
|
origin = req.env["HTTP_ORIGIN"]
|
151
|
-
|
153
|
+
return false if origin.nil?
|
154
|
+
|
155
|
+
# strip scheme
|
156
|
+
origin = origin.strip.sub(/(^\w+:|^)\/\//, '')
|
157
|
+
return false if origin.empty?
|
158
|
+
|
159
|
+
# Rack's host and port helpers are reverse-proxy-aware; that
|
160
|
+
# is, they prefer the de-facto X-Forwarded-* headers if they're set
|
161
|
+
request_host = req.host
|
162
|
+
request_host << ":#{req.port}" if req.port != 80 && req.port != 443
|
163
|
+
|
164
|
+
origin == request_host
|
152
165
|
end
|
153
166
|
|
154
167
|
def verify_token(token)
|
data/lib/clerk/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: clerk-sdk-ruby
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.0.
|
4
|
+
version: 2.0.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Clerk
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-10-
|
11
|
+
date: 2021-10-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: faraday
|