perimeter_x 2.1.0 → 2.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d65b91dbf3bdf1829dbfe7b1d44677d86ecde223bc0bd614618d1a9b1a188e84
-  data.tar.gz: 473dc3f4a54232d59c2f89dcc6a1bddbb6a95de0268fddf53cfa28b47e8653d6
+  metadata.gz: 7321ac61fcf5c1b2b8a573eb23744d807e0af5e430a3468cb4704e8d36c7f8a9
+  data.tar.gz: 5bd64b4340535a52d2f91db99cabb673693dec8dbf1526dd00d2aa200743a444
 SHA512:
-  metadata.gz: a89194401d9a60cd41fdb524724329bee547285742c218ffd157337203090ab66f4992fed517389868c639fea175a9c3561663b81b2463a9b1f3fb0011391e7b
-  data.tar.gz: 428757d1a7dafc96543a125db63a8a2c7639ba27673f96bd5222b1628bafcd117f26d1fefb8041179f30e89f5ea286454ebbfb897b0d81d54e5be2be24d6fb8e
+  metadata.gz: 3037218a40b007fd7a0aaf93c6fe2e367b622042f2653c2e08e3c9a5d53d12d0107374d81e841d46e9320562d95c2ac4957040d7cb3a932c971ab2a1ff16aed2
+  data.tar.gz: 5de6563d962cee1d9ba90ac370ecb4a0a8679dfab9a1ab69b2dbcfaafe54d3ce05b12f31b8c57f1a5b129299e215dd0e8f7e488bbadf03308099104ec7f2ab60

data/LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright © 2016 PerimeterX, Inc.
+Copyright © 2022 PerimeterX, Inc.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/changelog.md

@@ -5,6 +5,24 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [2.3.0] - 2022-04-10
+
+### Added
+
+- Custom logo in block JSON response
+
+### Changed
+
+- Updated block page to use new template
+
+## [2.2.1] - 2020-09-27
+### Fixed
+ - bypass_monitor_header type validation
+
+## [2.2.0] - 2020-09-15
+### Added
+ - First Party
+
 ## [2.1.0] - 2020-09-01
 ### Added
  - Added option to set a different px configuration on each request

data/lib/perimeter_x.rb

@@ -12,13 +12,23 @@ require 'perimeterx/internal/clients/perimeter_x_activity_client'
 require 'perimeterx/internal/validators/perimeter_x_s2s_validator'
 require 'perimeterx/internal/validators/perimeter_x_cookie_validator'
 require 'perimeterx/internal/exceptions/px_config_exception'
+require 'perimeterx/internal/first_party/px_first_party'
 
 module PxModule
   # Module expose API
   def px_verify_request(request_config={})    
     begin
       px_instance = PerimeterX.new(request_config)
-      px_ctx = px_instance.verify(request.env)
+      req = ActionDispatch::Request.new(request.env)
+
+      # handle first party requests
+      if px_instance.first_party.is_first_party_request(req)
+        render_first_party_response(req, px_instance)
+        return true
+      end
+
+      # verify request
+      px_ctx = px_instance.verify(req)
       px_config = px_instance.px_config
 
       msg_title = 'PxModule[px_verify_request]'
@@ -47,11 +57,23 @@ module PxModule
 
           is_mobile = px_ctx.context[:cookie_origin] == 'header' ? '1' : '0'
           action = px_ctx.context[:block_action][0,1]
-
-          px_template_object = {
-            block_script: "//#{PxModule::CAPTCHA_HOST}/#{px_config[:app_id]}/captcha.js?a=#{action}&u=#{px_ctx.context[:uuid]}&v=#{px_ctx.context[:vid]}&m=#{is_mobile}",
-            js_client_src: "//#{PxModule::CLIENT_HOST}/#{px_config[:app_id]}/main.min.js"
-          }
+          block_script_uri = "/captcha.js?a=#{action}&u=#{px_ctx.context[:uuid]}&v=#{px_ctx.context[:vid]}&m=#{is_mobile}"
+
+          if px_config[:first_party_enabled]
+            px_template_object = {
+            js_client_src:  "/#{px_config[:app_id][2..-1]}/init.js",
+            block_script: "/#{px_config[:app_id][2..-1]}/captcha/#{px_config[:app_id]}#{block_script_uri}",
+            host_url: "/#{px_config[:app_id][2..-1]}/xhr",
+            alt_block_script: "//#{PxModule::ALT_CAPTCHA_HOST}/#{px_config[:app_id]}#{block_script_uri}"
+            }
+          else
+            px_template_object = {
+            js_client_src: "//#{PxModule::CLIENT_HOST}/#{px_config[:app_id]}/main.min.js",
+            block_script: "//#{PxModule::CAPTCHA_HOST}/#{px_config[:app_id]}#{block_script_uri}",
+            host_url: "https://collector-#{px_config[:app_id]}.perimeterx.net",
+            alt_block_script: "//#{PxModule::ALT_CAPTCHA_HOST}/#{px_config[:app_id]}#{block_script_uri}"
+            }
+          end
 
           html = PxTemplateFactory.get_template(px_ctx, px_config, px_template_object)
 
@@ -68,11 +90,13 @@ module PxModule
               hash_json = {
                   :appId => px_config[:app_id],
                   :jsClientSrc => px_template_object[:js_client_src],
-                  :firstPartyEnabled => false,
+                  :firstPartyEnabled => px_ctx.context[:first_party_enabled],
                   :uuid => px_ctx.context[:uuid],
                   :vid => px_ctx.context[:vid],
                   :hostUrl => "https://collector-#{px_config[:app_id]}.perimeterx.net",
                   :blockScript => px_template_object[:block_script],
+                  :altBlockScript => px_template_object[:alt_block_script],
+                  :customLogo => px_config[:custom_logo]
               }
 
               render :json => hash_json
@@ -110,6 +134,29 @@ module PxModule
     end
   end
 
+  def render_first_party_response(req, px_instance)
+    fp = px_instance.first_party
+    px_config = px_instance.px_config
+    
+    if px_config[:first_party_enabled]
+      # first party enabled - proxy response
+      fp_response = fp.send_first_party_request(req)
+      response.status = fp_response.code
+      fp_response.to_hash.each do |header_name, header_value_arr| 
+        if header_name!="content-length"
+          response.headers[header_name] = header_value_arr[0]
+        end
+      end
+      res_type = fp.get_response_content_type(req)
+      render res_type => fp_response.body
+    else
+      # first party disabled - return empty response
+      response.status = 200
+      res_type = fp.get_response_content_type(req)
+      render res_type => ""
+    end
+  end
+
   def self.configure(basic_config)
     PerimeterX.set_basic_config(basic_config)
   end
@@ -119,6 +166,7 @@ module PxModule
   class PerimeterX
 
     attr_reader :px_config
+    attr_reader :first_party
     attr_accessor :px_http_client
     attr_accessor :px_activity_client
 
@@ -128,7 +176,7 @@ module PxModule
     end
 
     #Instance Methods
-    def verify(env)
+    def verify(req)
       begin
 
         # check module_enabled 
@@ -137,13 +185,11 @@ module PxModule
           @logger.warn('Module is disabled')
           return nil
         end
-
-        req = ActionDispatch::Request.new(env)
         
         # filter whitelist routes
         url_path = URI.parse(req.original_url).path
         if url_path && !url_path.empty?
-          if check_whitelist_routes(px_config[:whitelist_routes], url_path)
+          if check_whitelist_routes(px_config[:whitelist_routes], url_path) 
             @logger.debug("PerimeterX[pxVerify]: whitelist route: #{url_path}")
             return nil
           end
@@ -176,6 +222,7 @@ module PxModule
       @px_http_client = PxHttpClient.new(@px_config)
 
       @px_activity_client = PerimeterxActivitiesClient.new(@px_config, @px_http_client)
+      @first_party = FirstPartyManager.new(@px_config, @px_http_client, @logger)
 
       @px_cookie_validator = PerimeterxCookieValidator.new(@px_config)
       @px_s2s_validator = PerimeterxS2SValidator.new(@px_config, @px_http_client)

data/lib/perimeterx/configuration.rb

@@ -30,7 +30,8 @@ module PxModule
       :ip_headers                   => [],
       :ip_header_function           => nil,
       :bypass_monitor_header        => nil,
-      :risk_cookie_max_iterations   => 5000
+      :risk_cookie_max_iterations   => 5000,
+      :first_party_enabled          => true
     }
 
     CONFIG_SCHEMA = {
@@ -53,14 +54,16 @@ module PxModule
       :whitelist_routes             => {types: [Array], allowed_element_types: [String, Regexp], required: false},
       :ip_headers                   => {types: [Array], allowed_element_types: [String], required: false},
       :ip_header_function           => {types: [Proc], required: false},
-      :bypass_monitor_header        => {types: [FalseClass, TrueClass], required: false},
+      :bypass_monitor_header        => {types: [String], required: false},
       :risk_cookie_max_iterations   => {types: [Integer], required: false},
       :custom_verification_handler  => {types: [Proc], required: false},
       :additional_activity_handler  => {types: [Proc], required: false},
       :custom_logo                  => {types: [String], required: false},
       :css_ref                      => {types: [String], required: false},
       :js_ref                       => {types: [String], required: false},
-      :custom_uri                   => {types: [Proc], required: false}
+      :custom_uri                   => {types: [Proc], required: false},
+      :first_party_enabled          => {types: [FalseClass, TrueClass], required: false}
+
     }
 
     def self.set_basic_config(basic_config)

data/lib/perimeterx/internal/first_party/px_first_party.rb

@@ -0,0 +1,124 @@
+require 'perimeterx/internal/perimeter_x_context'
+module PxModule
+    class FirstPartyManager
+        def initialize(px_config, px_http_client, logger)
+            @px_config = px_config
+            @app_id = px_config[:app_id]
+            @px_http_client = px_http_client
+            @logger = logger
+            @from = [
+                "/#{@app_id[2..-1]}/init.js",
+                "/#{@app_id[2..-1]}/captcha",
+                "/#{@app_id[2..-1]}/xhr"
+            ]
+        end
+
+        def send_first_party_request(req)
+            uri = URI.parse(req.original_url)
+            url_path = uri.path
+            
+            headers = extract_headers(req)
+            headers["x-px-first-party"] = "1"
+            headers["x-px-enforcer-true-ip"] = PerimeterXContext.extract_ip(req, @px_config)
+
+            if url_path.start_with?(@from[0])
+                return get_client(req, uri, headers)
+            elsif url_path.start_with?(@from[1]) 
+                return get_captcha(req, uri, headers)
+            elsif url_path.start_with?(@from[2])
+                return send_xhr(req, uri, headers)
+            else
+                return nil
+            end
+        end
+
+        def get_client(req, uri, headers)
+            @logger.debug("FirstPartyManager[get_client]")
+            
+            # define host
+            headers["host"] = PxModule::CLIENT_HOST
+            
+            # define request url
+            url = "#{uri.scheme}://#{PxModule::CLIENT_HOST}/#{@app_id}/main.min.js"
+            
+            # send request
+            return @px_http_client.get(url, headers)
+        end
+
+        def get_captcha(req, uri, headers)
+            @logger.debug("FirstPartyManager[get_captcha]")
+            
+            # define host
+            headers["host"] = PxModule::CAPTCHA_HOST
+
+            # define request url
+            path_and_query = uri.request_uri
+            uri_suffix = path_and_query.sub "/#{@app_id[2..-1]}/captcha", ""
+            url = "#{uri.scheme}://#{PxModule::CAPTCHA_HOST}#{uri_suffix}"
+
+            # send request
+            return @px_http_client.get(url, headers)
+        end
+        
+        def send_xhr(req, uri, headers)
+            @logger.debug("FirstPartyManager[send_xhr]")
+
+            # handle vid cookies
+            if !req.cookies.nil?
+                if req.cookies.key?("_pxvid")
+                    vid = PerimeterXContext.force_utf8(req.cookies["_pxvid"])
+                    if headers.key?('cookie')
+                        headers['cookie'] += "; pxvid=#{vid}";
+                    else
+                        headers['cookie'] = "pxvid=#{vid}";
+                    end
+                end
+            end
+
+            # define host
+            headers["host"] = "collector-#{@app_id.downcase}.perimeterx.net"
+            
+            # define request url
+            path_and_query = uri.request_uri
+            path_suffix = path_and_query.sub "/#{@app_id[2..-1]}/xhr", ""
+            url = "#{uri.scheme}://collector-#{@app_id.downcase}.perimeterx.net#{path_suffix}"
+
+            # send request
+            return @px_http_client.post_xhr(url, req.body.string, headers)
+        end
+
+        def extract_headers(req)
+            headers = Hash.new
+            req.headers.each do |k, v|
+                if (k.start_with? 'HTTP_') && (!@px_config[:sensitive_headers].include? k)
+                    header = k.to_s.gsub('HTTP_', '')
+                    header = header.gsub('_', '-').downcase
+                    headers[header] = PerimeterXContext.force_utf8(v)
+                end
+            end
+            return headers
+        end
+
+        # -1 - not first party request
+        # 0 - /init.js
+        # 1 - /captcha
+        # 2 - /xhr
+        def get_first_party_request_type(req)
+            url_path = URI.parse(req.original_url).path
+            @from.each_with_index do |val,index|
+                if url_path.start_with?(val)
+                    return index
+                end
+            end
+            return -1
+        end
+
+        def is_first_party_request(req)
+            return get_first_party_request_type(req) != -1
+        end
+
+        def get_response_content_type(req)
+            return get_first_party_request_type(req) == 2 ? :json : :js
+        end
+    end
+end

data/lib/perimeterx/internal/perimeter_x_context.rb

@@ -6,6 +6,28 @@ module PxModule
 
     attr_accessor :context
     attr_accessor :px_config
+    
+    # class methods
+
+    def self.extract_ip(req, px_config)
+      # Get IP from header/custom function
+      if px_config[:ip_headers].length() > 0
+        px_config[:ip_headers].each do |ip_header|
+          if req.headers[ip_header]
+            return PerimeterXContext.force_utf8(req.headers[ip_header])
+          end
+        end
+      elsif px_config[:ip_header_function] != nil
+        return px_config[:ip_header_function].call(req) 
+      end      
+      return req.ip
+    end
+
+    def self.force_utf8(str)
+      return str.encode('UTF-8', 'binary', invalid: :replace, undef: :replace, replace: '')
+    end
+
+    # instance methods
 
     def initialize(px_config, req)
       @logger = px_config[:logger]
@@ -16,33 +38,22 @@ module PxModule
       @context[:headers] = Hash.new
       @context[:cookie_origin] = 'cookie'
       @context[:made_s2s_risk_api_call] = false
+      @context[:first_party_enabled] = px_config[:first_party_enabled]
+      
       cookies = req.cookies
 
-      # Get IP from header/custom function
-      if px_config[:ip_headers].length() > 0
-        px_config[:ip_headers].each do |ip_header|
-          if req.headers[ip_header]
-            @context[:ip]  = force_utf8(req.headers[ip_header])
-          end
-        end
-      elsif px_config[:ip_header_function] != nil
-        @context[:ip] = px_config[:ip_header_function].call(req)
-      end
-
-      if @context[:ip] == nil
-        @context[:ip] = req.ip
-      end
+      @context[:ip] = PerimeterXContext.extract_ip(req, px_config)
 
       # Get token from header
       if req.headers[PxModule::TOKEN_HEADER]
         @context[:cookie_origin] = 'header'
-        token = force_utf8(req.headers[PxModule::TOKEN_HEADER])
+        token = PerimeterXContext.force_utf8(req.headers[PxModule::TOKEN_HEADER])
         if token.match(PxModule::MOBILE_TOKEN_V3_REGEX)
           @context[:px_cookie][:v3] = token[2..-1]
         elsif token.match(PxModule::MOBILE_ERROR_REGEX)
           @context[:mobile_error] = token
           if req.headers[PxModule::ORIGINAL_TOKEN_HEADER]
-            token = force_utf8(req.headers[PxModule::ORIGINAL_TOKEN_HEADER])
+            token = PerimeterXContext.force_utf8(req.headers[PxModule::ORIGINAL_TOKEN_HEADER])
             if token.match(PxModule::MOBILE_TOKEN_V3_REGEX)
               @context[:px_cookie][:v3] = token[2..-1]
             end
@@ -53,13 +64,13 @@ module PxModule
         cookies.each do |k, v|
           case k.to_s
             when '_px3'
-              @context[:px_cookie][:v3] = force_utf8(v)
+              @context[:px_cookie][:v3] = PerimeterXContext.force_utf8(v)
             when '_px'
-              @context[:px_cookie][:v1] = force_utf8(v)
+              @context[:px_cookie][:v1] = PerimeterXContext.force_utf8(v)
             when '_pxvid'
               if v.is_a?(String) && v.match(PxModule::VID_REGEX)
                 @context[:vid_source] = "vid_cookie"
-                @context[:vid] = force_utf8(v)
+                @context[:vid] = PerimeterXContext.force_utf8(v)
               end
           end
         end #end case
@@ -69,10 +80,10 @@ module PxModule
         if (k.start_with? 'HTTP_')
           header = k.to_s.gsub('HTTP_', '')
           header = header.gsub('_', '-').downcase
-          @context[:headers][header.to_sym] = force_utf8(v)
+          @context[:headers][header.to_sym] = PerimeterXContext.force_utf8(v)
         end
       end #end headers foreach
-
+      
       @context[:hostname]= req.server_name
       @context[:user_agent] = req.user_agent ? req.user_agent : ''
       @context[:uri] = px_config[:custom_uri] ? px_config[:custom_uri].call(req)  : req.fullpath 
@@ -97,10 +108,6 @@ module PxModule
     false
 	end
 
-  def force_utf8(str)
-    return str.encode('UTF-8', 'binary', invalid: :replace, undef: :replace, replace: '')
-  end
-
     def set_block_action_type(action)
       @context[:block_action] = case action
         when 'c'

data/lib/perimeterx/utils/px_constants.rb

@@ -36,18 +36,19 @@ module PxModule
   PROP_APP_ID = :appId
   PROP_VID = :vid
   PROP_UUID = :uuid
-  PROP_LOGO_VISIBILITY = :logoVisibility
   PROP_CUSTOM_LOGO = :customLogo
   PROP_CSS_REF = :cssRef
   PROP_JS_REF = :jsRef
   PROP_BLOCK_SCRIPT = :blockScript
+  PROP_ALT_BLOCK_SCRIPT = :altBlockScript
   PROP_JS_CLIENT_SRC = :jsClientSrc
   PROP_HOST_URL = :hostUrl
   PROP_FIRST_PARTY_ENABLED = :firstPartyEnabled
 
   # Hosts
-  CLIENT_HOST = 'client.px-cloud.net'
-  CAPTCHA_HOST = 'captcha.px-cloud.net'
+  CLIENT_HOST = 'client.perimeterx.net'
+  CAPTCHA_HOST = 'captcha.px-cdn.net'
+  ALT_CAPTCHA_HOST = 'captcha.px-cloud.net'
 
   VISIBLE = 'visible'
   HIDDEN = 'hidden'

data/lib/perimeterx/utils/px_http_client.rb

@@ -1,6 +1,7 @@
 require 'perimeterx/utils/px_logger'
 require 'typhoeus'
 require 'concurrent'
+require 'net/http'
 
 module PxModule
   class PxHttpClient
@@ -45,5 +46,61 @@ module PxModule
       return response
     end
 
+
+    def post_xhr(url, body, headers)
+      s = Time.now
+      begin
+        @logger.debug("PxHttpClient[post]: sending xhr post request to #{url} with headers {#{headers.to_json()}}")
+        
+        #set url
+        uri = URI(url)
+        req = Net::HTTP::Post.new(uri)
+        
+        # set body
+        req.body=body
+        
+        # set headers
+        headers.each do |key, value|
+          req[key] = value
+        end
+        
+        # send request   
+        response = Net::HTTP.start(uri.hostname, uri.port) {|http|
+          http.request(req)
+        }
+
+      ensure
+        e = Time.now
+        @logger.debug("PxHttpClient[get]: runtime: #{(e-s) * 1000.0}")
+      end
+      return response
+    end
+
+
+    def get(url, headers)
+      s = Time.now
+      begin
+        @logger.debug("PxHttpClient[get]: sending get request to #{url} with headers {#{headers.to_json()}}")
+        
+        #set url
+        uri = URI(url)
+        req = Net::HTTP::Get.new(uri)
+        
+        # set headers
+        headers.each do |key, value|
+          req[key] = value
+        end
+        
+        # send request   
+        response = Net::HTTP.start(uri.hostname, uri.port) {|http|
+          http.request(req)
+        }
+        
+      ensure
+        e = Time.now
+        @logger.debug("PxHttpClient[get]: runtime: #{(e-s) * 1000.0}")
+      end
+      return response
+    end
   end
 end

data/lib/perimeterx/utils/px_template_factory.rb

@@ -6,7 +6,7 @@ module PxModule
     def self.get_template(px_ctx, px_config, px_template_object)
       logger = px_config[:logger]
       if (px_config[:challenge_enabled] && px_ctx.context[:block_action] == 'challenge')
-        logger.debug('PxTemplateFactory[get_template]: px challange triggered')
+        logger.debug('PxTemplateFactory[get_template]: px challenge triggered')
         return px_ctx.context[:block_action_data].html_safe
       end
 
@@ -23,17 +23,16 @@ module PxModule
       Mustache.template_file =  "#{File.dirname(__FILE__) }/templates/#{template_type}#{PxModule::TEMPLATE_EXT}"
 
       view[PxModule::PROP_APP_ID] = px_config[:app_id]
-      view[PxModule::PROP_REF_ID] = px_ctx.context[:uuid]
       view[PxModule::PROP_VID] = px_ctx.context[:vid]
       view[PxModule::PROP_UUID] = px_ctx.context[:uuid]
       view[PxModule::PROP_CUSTOM_LOGO] = px_config[:custom_logo]
       view[PxModule::PROP_CSS_REF] = px_config[:css_ref]
       view[PxModule::PROP_JS_REF] = px_config[:js_ref]
-      view[PxModule::PROP_HOST_URL] = "https://collector-#{px_config[:app_id]}.perimeterx.net"
-      view[PxModule::PROP_LOGO_VISIBILITY] = px_config[:custom_logo] ? PxModule::VISIBLE : PxModule::HIDDEN
+      view[PxModule::PROP_HOST_URL] = px_template_object[:host_url]
       view[PxModule::PROP_BLOCK_SCRIPT] = px_template_object[:block_script]
+      view[PxModule::PROP_ALT_BLOCK_SCRIPT] = px_template_object[:alt_block_script]
       view[PxModule::PROP_JS_CLIENT_SRC] = px_template_object[:js_client_src]
-      view[PxModule::PROP_FIRST_PARTY_ENABLED] = false
+      view[PxModule::PROP_FIRST_PARTY_ENABLED] = px_ctx.context[:first_party_enabled]
 
       return view.render.html_safe
     end

data/lib/perimeterx/utils/templates/block_template.mustache

@@ -3,173 +3,42 @@
 <head>
     <meta charset="utf-8">
     <meta name="viewport" content="width=device-width, initial-scale=1">
-    <title>Access to this page has been denied.</title>
-    <link href="https://fonts.googleapis.com/css?family=Open+Sans:300" rel="stylesheet">
-    <style>
-        html, body {
-            margin: 0;
-            padding: 0;
-            font-family: 'Open Sans', sans-serif;
-            color: #000;
-        }
-
-        a {
-            color: #c5c5c5;
-            text-decoration: none;
-        }
-
-        .container {
-            align-items: center;
-            display: flex;
-            flex: 1;
-            justify-content: space-between;
-            flex-direction: column;
-            height: 100%;
-        }
-
-        .container > div {
-            width: 100%;
-            display: flex;
-            justify-content: center;
-        }
-
-        .container > div > div {
-            display: flex;
-            width: 80%;
-        }
-
-        .customer-logo-wrapper {
-            padding-top: 2rem;
-            flex-grow: 0;
-            background-color: #fff;
-            visibility: {{logoVisibility}};
-        }
-
-        .customer-logo {
-            border-bottom: 1px solid #000;
-        }
-
-        .customer-logo > img {
-            padding-bottom: 1rem;
-            max-height: 50px;
-            max-width: 100%;
-        }
-
-        .page-title-wrapper {
-            flex-grow: 2;
-        }
-
-        .page-title {
-            flex-direction: column-reverse;
-        }
-
-        .content-wrapper {
-            flex-grow: 5;
-        }
-
-        .content {
-            flex-direction: column;
-        }
-
-        .page-footer-wrapper {
-            align-items: center;
-            flex-grow: 0.2;
-            background-color: #000;
-            color: #c5c5c5;
-            font-size: 70%;
-        }
-
-        @media (min-width: 768px) {
-            html, body {
-                height: 100%;
-            }
-        }
-    </style>
-    <!-- Custom CSS -->
+    <meta name="description" content="px-captcha">
+    <title>Access to this page has been denied</title>
     {{#cssRef}}
         <link rel="stylesheet" type="text/css" href="{{{cssRef}}}"/>
     {{/cssRef}}
 </head>
-
 <body>
-<section class="container">
-    <div class="customer-logo-wrapper">
-        <div class="customer-logo">
-            <img src="{{customLogo}}" alt="Logo"/>
-        </div>
-    </div>
-    <div class="page-title-wrapper">
-        <div class="page-title">
-            <h1>Please verify you are a human</h1>
-        </div>
-    </div>
-    <div class="content-wrapper">
-        <div class="content">
-
-            <div id="px-captcha">
-            </div>
-            <p>
-                Access to this page has been denied because we believe you are using automation tools to browse the
-                website.
-            </p>
-            <p>
-                This may happen as a result of the following:
-            </p>
-            <ul>
-                <li>
-                    Javascript is disabled or blocked by an extension (ad blockers for example)
-                </li>
-                <li>
-                    Your browser does not support cookies
-                </li>
-            </ul>
-            <p>
-                Please make sure that Javascript and cookies are enabled on your browser and that you are not blocking
-                them from loading.
-            </p>
-            <p>
-                Reference ID: #{{refId}}
-            </p>
-        </div>
-    </div>
-    <div class="page-footer-wrapper">
-        <div class="page-footer">
-            <p>
-                Powered by
-                <a href="https://www.perimeterx.com/whywasiblocked">PerimeterX</a>
-                , Inc.
-            </p>
-        </div>
-    </div>
-</section>
-<!-- Px -->
-<script>
-    window._pxAppId = '{{appId}}';
-    window._pxJsClientSrc = '{{{jsClientSrc}}}';
-    window._pxFirstPartyEnabled = {{firstPartyEnabled}};
-    window._pxVid = '{{vid}}';
-    window._pxUuid = '{{uuid}}';
-    window._pxHostUrl = '{{{hostUrl}}}';
-</script>
-<script>
-    var s = document.createElement('script');
-    s.src = '{{{blockScript}}}';
-    var p = document.getElementsByTagName('head')[0];
-    p.insertBefore(s, null);
-    if ({{firstPartyEnabled}}) {
-        s.onerror = function () {
-            s = document.createElement('script');
-            var suffixIndex = '{{{blockScript}}}'.indexOf('captcha.js');
-            var temperedBlockScript = '{{{blockScript}}}'.substring(suffixIndex);
-            s.src = '//captcha.px-cdn.net/{{appId}}/' + temperedBlockScript;
-            p.parentNode.insertBefore(s, p);
+    <script>
+        window._pxVid = '{{vid}}';
+        window._pxUuid = '{{uuid}}';
+        window._pxAppId = '{{appId}}';
+        window._pxCustomLogo = '{{customLogo}}';
+        window._pxHostUrl = '{{hostUrl}}';
+        window._pxJsClientSrc = '{{jsClientSrc}}';
+        window._pxFirstPartyEnabled = {{firstPartyEnabled}};
+        var script = document.createElement('script');
+        script.src = '{{blockScript}}';
+        document.head.appendChild(script);
+        script.onerror = function () {
+            script = document.createElement('script');
+            script.src = '{{altBlockScript}}';
+            script.onerror = window._pxDisplayErrorMessage;
+            document.head.appendChild(script);
         };
-    }
-</script>
-
-<!-- Custom Script -->
-{{#jsRef}}
-    <script src="{{{jsRef}}}"></script>
-{{/jsRef}}
+        window._pxDisplayErrorMessage = function () {
+            var style = document.createElement('style');
+            style.innerText = '@import url(https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&display=swap);body{background-color:#fafbfc}@media (max-width:480px){body{background-color:#fff}}.px-captcha-error-container{position:fixed;height:328px;background-color:#fff;font-family:Roboto,sans-serif}.px-captcha-error-header{color:#f0f1f2;font-size:29px;margin:67px 0 33px;font-weight:500;line-height:.83;text-align:center}.px-captcha-error-message{color:#f0f1f2;font-size:18px;margin:0 0 29px;line-height:1.33;text-align:center}div.px-captcha-error-button{text-align:center;line-height:50px;width:253px;margin:auto;border-radius:25px;border:solid 1px #f0f1f2;font-size:20px;color:#f0f1f2}div.px-captcha-error-wrapper{margin:23px 0 0}div.px-captcha-error{margin:auto;text-align:center;width:400px;height:30px;font-size:12px;background-color:#fcf0f2;color:#ce0e2d}img.px-captcha-error{margin:6px 10px -2px 0}@media (min-width:620px){.px-captcha-error-container{width:528px;top:50%;left:50%;margin-top:-164px;margin-left:-264px;border-radius:3px;box-shadow:0 2px 9px -1px rgba(0,0,0,.13)}}@media (min-width:481px) and (max-width:620px){.px-captcha-error-container{width:85%;top:50%;left:50%;margin-top:-164px;margin-left:-42.5%;border-radius:3px;box-shadow:0 2px 9px -1px rgba(0,0,0,.13)}}@media (max-width:480px){.px-captcha-error-container{width:528px;top:50%;left:50%;margin-top:-164px;margin-left:-264px}}';
+            document.head.appendChild(style);
+            var div = document.createElement('div');
+            div.className = 'px-captcha-error-container';
+            div.innerHTML = '<div class="px-captcha-error-header">Before we continue...</div><div class="px-captcha-error-message">Press & Hold to confirm you are<br>a human (and not a bot).</div><div class="px-captcha-error-button">Press & Hold</div><div class="px-captcha-error-wrapper"><div class="px-captcha-error"><img class="px-captcha-error" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABMAAAAQCAMAAADDGrRQAAAABGdBTUEAALGPC/xhBQAAAAFzUkdCAK7OHOkAAABFUExURUdwTNYELOEGONQILd0AONwALtwEL+AAL9MFLfkJSNQGLdMJLdQJLdQGLdQKLtYFLNcELdUGLdcBL9gFL88OLdUFLNEOLglBhT4AAAAXdFJOUwC8CqgNIRgRoAS1dWWuR4RTjzgryZpYblfkcAAAAI9JREFUGNNdj+sWhCAIhAdvqGVa1r7/oy6RZ7eaH3D4ZACBIed9wlOOMtUnSrEmZ6cHa9YAIfsbCkWrdpi/c50Bk2CO9mNLdMAu03wJA3HpEnfpxbyOg6ruyx8JJi6KNstnslp1dbPd9GnqmuYq7mmcv1zjnbQw8cV0xzkqo+fX1zkjUOO7wnrInUTxJiruC3vtBNRoQQn2AAAAAElFTkSuQmCC">Please check your network connection or disable your ad-blocker.</div></div>';
+            document.body.appendChild(div);
+        };
+    </script>
+    {{#jsRef}}
+        <script src="{{{jsRef}}}"></script>
+    {{/jsRef}}
 </body>
-</html>
+</html>

data/lib/perimeterx/version.rb

@@ -1,3 +1,3 @@
 module PxModule
-  VERSION = '2.1.0'
+  VERSION = '2.3.0'
 end

data/px_metadata.json

@@ -0,0 +1,28 @@
+{
+    "version": "2.3.0",
+    "supported_features": [
+        "additional_activity_handler",
+        "advanced_blocking_response",
+        "batched_activities",
+        "block_activity",
+        "block_page_captcha",
+        "block_page_rate_limit",
+        "bypass_monitor_header",
+        "client_ip_extraction",
+        "cookie_v3",
+        "css_ref",
+        "custom_logo",
+        "logger",
+        "filter_by_route",
+        "first_party",
+        "js_ref",
+        "mobile_support",
+        "module_enable",
+        "module_mode",
+        "page_requested_activity",
+        "vid_extraction",
+        "risk_api",
+        "sensitive_headers",
+        "sensitive_routes"
+    ]
+}

data/readme.md

@@ -5,7 +5,7 @@
 [PerimeterX](http://www.perimeterx.com) Ruby SDK
 =============================================================
 
-> Latest stable version: [v2.1.0](https://rubygems.org/gems/perimeter_x)
+> Latest stable version: [v2.3.0](https://rubygems.org/gems/perimeter_x)
 
 Table of Contents
 -----------------
@@ -19,8 +19,6 @@ Table of Contents
   *   [Blocking Score](#blocking-score)
   *   [Custom Verification Action](#custom-verification-action)
   *   [Custom Block Page](#custom-block-page)
-  *   [Enable/Disable Captcha](#captcha-support)
-  *   [Select Captcha Provider](#captcha-provider)
   *   [Extracting Real IP Address](#real-ip)
   *   [Custom URI](#custom-uri)
   *   [Filter Sensitive Headers](#sensitive-headers)
@@ -31,7 +29,9 @@ Table of Contents
   *   [Debug Mode](#debug-mode)
   *   [Whitelist Routes](#whitelist-routes)
   *   [Update Configuration on Runtime](#update-config)
+  *   [First Party](#first-party)
   
+  **[Additional Information](#additional-information)**
   **[Contributing](#contributing)**
 
 <a name="Usage"></a>
@@ -224,26 +224,6 @@ Default mode: PxModule::ACTIVE_MODE
 params[:module_mode] = PxModule::MONITOR_MODE
 ```
 
-<a name="captcha-support"></a>**Enable/Disable CAPTCHA on the block page**
-Default mode: enabled
-
-By enabling CAPTCHA support, a CAPTCHA will be served as part of the block page, giving real users the ability to identify as a human. By solving the CAPTCHA, the user's score is then cleaned up and the user is allowed to continue normal use.
-
-```ruby
-params[:captcha_enabled] = false
-```
-
-<a name="captcha-provider"></a>**Select CAPTCHA Provider**
-
-The CAPTCHA part of the block page can use one of the following:
-* [reCAPTCHA](https://www.google.com/recaptcha)
-
-Default: 'reCaptcha'
-
-```ruby
-captchaProvider = "reCaptcha"
-```
-
 <a name="custom-uri"></a>**Custom URI**
 
 Default: 'REQUEST_URI'
@@ -325,11 +305,12 @@ However, it is possible to override configuration options on each request.
 To do so, send the configuration options as an argument when calling to `px_verify_request` as described in the following example.
 Notice that in case of an invalid argument, the module will raise an error. Therefore, when using this feature, make sure to wrap the call to `px_verify_request` with begin and rescue. It is highly recommended to log the error message to follow such errors.
 
+Usage example:
+
 ```ruby
 class HomeController < ApplicationController
   include PxModule
 
-
   before_action do call_perimeterx_verify_request end
 
   def call_perimeterx_verify_request
@@ -347,7 +328,35 @@ class HomeController < ApplicationController
 end
 ```
 
-<a name="contributing"></a># Contributing #
+<a name="first-party"></a>**First Party**
+
+To enable first party on your enforcer, add the following routes to your `config/routes.rb` file:
+
+```ruby
+  get '/:appid_postfix/init.js', to: 'home#index', constraints: { appid_postfix: /XXXXXXXX/ }
+  get '/:appid_postfix/captcha/:all', to: 'home#index', constraints: { appid_postfix: /XXXXXXXX/, all:/.*/ }
+  post '/:appid_postfix/xhr/:all', to: 'home#index', constraints: { appid_postfix: /XXXXXXXX/, all:/.*/  }  
+```
+
+Notice that all occurences of `XXXXXXXX` should be replaced with your px_app_id without the "PX" prefix. For example, if your px_app_id is `PX2H4seK9L`, replace `XXXXXXXX` with `2H4seK9L`.
+
+In case you are using more than one px_app_id, provide all of them with a `|` sign between them. For example:  2H4seK9L|9bMs6K94|Lc5kPMNx
+
+
+First Party configuration:
+
+Default: true
+
+```ruby
+  params[:first_party_enabled] = false
+```
+
+<a name="additional_information"></a> Additional Information 
+------------------------------
+### URI Delimiters
+PerimeterX processes URI paths with general- and sub-delimiters according to RFC 3986. General delimiters (e.g., `?`, `#`) are used to separate parts of the URI. Sub-delimiters (e.g., `$`, `&`) are not used to split the URI as they are considered valid characters in the URI path.
+
+<a name="contributing"></a> Contributing
 ------------------------------
 The following steps are welcome when contributing to our project.
 ###Fork/Clone

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: perimeter_x
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.3.0
 platform: ruby
 authors:
 - Nitzan Goldfeder
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-09-01 00:00:00.000000000 Z
+date: 2022-04-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -173,6 +173,7 @@ files:
 - lib/perimeterx/internal/clients/perimeter_x_risk_client.rb
 - lib/perimeterx/internal/exceptions/px_config_exception.rb
 - lib/perimeterx/internal/exceptions/px_cookie_decryption_exception.rb
+- lib/perimeterx/internal/first_party/px_first_party.rb
 - lib/perimeterx/internal/payload/perimeter_x_cookie_v1.rb
 - lib/perimeterx/internal/payload/perimeter_x_cookie_v3.rb
 - lib/perimeterx/internal/payload/perimeter_x_payload.rb
@@ -190,6 +191,7 @@ files:
 - lib/perimeterx/utils/templates/ratelimit.mustache
 - lib/perimeterx/version.rb
 - perimeter_x.gemspec
+- px_metadata.json
 - readme.md
 homepage: https://www.perimeterx.com
 licenses:
@@ -214,7 +216,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.0.3.1
 signing_key: 
 specification_version: 4
 summary: PerimeterX ruby implmentation