clerk-sdk-ruby 2.0.1 → 2.0.2

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a7c5c3acce169c08f7086a82fa9cca56744cfe3e04b38108d3ed0b67b513465c
4
- data.tar.gz: f6f7c462e1e20dc21aae755ba3d1415a532e064bd261bccd5b70326535771314
3
+ metadata.gz: 14a199089622ba34863506e79d0dc93dfe86f88c7d1d2c2543bb6b15fb5fd927
4
+ data.tar.gz: 58e580b74208bcc0da98492257975c9d155c39b0e1c9c1704fae04e9cbeec57e
5
5
  SHA512:
6
- metadata.gz: 9dff36e343ccaf010b311f24daaee819602ea1b1861b4aeece0961c417bc98ede1e9e70598cc4b41f83cd1a64a3114dd00b1df0cca321a380a3fe4b2e9049112
7
- data.tar.gz: b0cff1342e5175b4264258fcb581698d514ba693000d3165f7187b994f649b40c40b88033e2f383071f42db48752d2218413b49a310752def343d17d7f2c3ff6
6
+ metadata.gz: 2dec6b419ca2398552cfb9806b046acee03a5440d122e53fac73446863f52c04d1ffc5009fa3458d88774092b79de2d603b10fc5beb7b3ab6124a0137e2aa679
7
+ data.tar.gz: d92a5e3dbf790b9ad0459f3c209ab2721077075bd9c574523b4ce6f7b2f8d7b1023fcf33aa9f21572215db63eb270c1f68e51cd2d5ed501206ff664c1e5d6e25
@@ -147,8 +147,21 @@ module Clerk
147
147
  end
148
148
 
149
149
  def cross_origin_request?(req)
150
+ # origin contains scheme+host and optionally port (ommitted if 80 or 443)
151
+ # ref. https://www.rfc-editor.org/rfc/rfc6454#section-6.1
150
152
  origin = req.env["HTTP_ORIGIN"]
151
- origin && origin.sub(/(^\w+:|^)\/\//, '') != req.host
153
+ return false if origin.nil?
154
+
155
+ # strip scheme
156
+ origin = origin.strip.sub(/(^\w+:|^)\/\//, '')
157
+ return false if origin.empty?
158
+
159
+ # Rack's host and port helpers are reverse-proxy-aware; that
160
+ # is, they prefer the de-facto X-Forwarded-* headers if they're set
161
+ request_host = req.host
162
+ request_host << ":#{req.port}" if req.port != 80 && req.port != 443
163
+
164
+ origin == request_host
152
165
  end
153
166
 
154
167
  def verify_token(token)
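Review bot: The rewritten `cross_origin_request?` ends with `origin == request_host`, which is true when the Origin header matches the request host, so the predicate now answers true for same-origin requests and false for cross-origin ones; the removed line compared with `!=`, and the last line should read `origin != request_host`. Two lines above, `request_host << ":#{req.port}"` appends in place to the string returned by `req.host`; if that string is frozen or is the one held in the Rack env this raises or changes request state, so `request_host = req.host.dup` is safer. The comparison also drops the scheme and treats both 80 and 443 as default ports whatever the scheme, so `http://host` and `https://host` count as one origin, which is looser than the scheme/host/port tuple of the RFC 6454 section the comment cites. Because the comment states that `req.host` and `req.port` prefer X-Forwarded-* headers, the method's doc comment should say that the result is only trustworthy behind a proxy that overwrites those headers rather than passing client-supplied values through.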
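--- a/data/lib/clerk/version.rb
+++ b/data/lib/clerk/version.rb
@@ -1,5 +1,5 @@
  # frozen_string_literal: true
 
  module Clerk
- VERSION = "2.0.1"
+ VERSION = "2.0.2"
  end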
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: clerk-sdk-ruby
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.1
4
+ version: 2.0.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Clerk
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2021-10-21 00:00:00.000000000 Z
11
+ date: 2021-10-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: faraday