clerk-sdk-ruby 2.0.1 → 2.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/clerk/rack_middleware_v2.rb +14 -1
  3. data/lib/clerk/version.rb +1 -1
  4. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a7c5c3acce169c08f7086a82fa9cca56744cfe3e04b38108d3ed0b67b513465c
4
- data.tar.gz: f6f7c462e1e20dc21aae755ba3d1415a532e064bd261bccd5b70326535771314
3
+ metadata.gz: 14a199089622ba34863506e79d0dc93dfe86f88c7d1d2c2543bb6b15fb5fd927
4
+ data.tar.gz: 58e580b74208bcc0da98492257975c9d155c39b0e1c9c1704fae04e9cbeec57e
5
5
  SHA512:
6
- metadata.gz: 9dff36e343ccaf010b311f24daaee819602ea1b1861b4aeece0961c417bc98ede1e9e70598cc4b41f83cd1a64a3114dd00b1df0cca321a380a3fe4b2e9049112
7
- data.tar.gz: b0cff1342e5175b4264258fcb581698d514ba693000d3165f7187b994f649b40c40b88033e2f383071f42db48752d2218413b49a310752def343d17d7f2c3ff6
6
+ metadata.gz: 2dec6b419ca2398552cfb9806b046acee03a5440d122e53fac73446863f52c04d1ffc5009fa3458d88774092b79de2d603b10fc5beb7b3ab6124a0137e2aa679
7
+ data.tar.gz: d92a5e3dbf790b9ad0459f3c209ab2721077075bd9c574523b4ce6f7b2f8d7b1023fcf33aa9f21572215db63eb270c1f68e51cd2d5ed501206ff664c1e5d6e25
data/lib/clerk/rack_middleware_v2.rb CHANGED
@@ -147,8 +147,21 @@ module Clerk
147
147
  end
148
148
 
149
149
  def cross_origin_request?(req)
150
+ # origin contains scheme+host and optionally port (ommitted if 80 or 443)
151
+ # ref. https://www.rfc-editor.org/rfc/rfc6454#section-6.1
150
152
  origin = req.env["HTTP_ORIGIN"]
151
- origin && origin.sub(/(^\w+:|^)\/\//, '') != req.host
153
+ return false if origin.nil?
154
+
155
+ # strip scheme
156
+ origin = origin.strip.sub(/(^\w+:|^)\/\//, '')
157
+ return false if origin.empty?
158
+
159
+ # Rack's host and port helpers are reverse-proxy-aware; that
160
+ # is, they prefer the de-facto X-Forwarded-* headers if they're set
161
+ request_host = req.host
162
+ request_host << ":#{req.port}" if req.port != 80 && req.port != 443
163
+
164
+ origin == request_host
152
165
  end
153
166
 
154
167
  def verify_token(token)
data/lib/clerk/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Clerk
4
- VERSION = "2.0.1"
4
+ VERSION = "2.0.2"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: clerk-sdk-ruby
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.1
4
+ version: 2.0.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Clerk
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2021-10-21 00:00:00.000000000 Z
11
+ date: 2021-10-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: faraday