shopify-sinatra-app 1.1.0 → 1.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG +4 -0
- data/README.md +1 -1
- data/example/test/test_helper.rb +1 -1
- data/lib/sinatra/shopify-sinatra-app.rb +34 -1
- data/shopify-sinatra-app.gemspec +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 734844728b60f961f5439fd7220d3fec58fd6f70cd71419ba9596d9c3686c592
|
|
4
|
+
data.tar.gz: c01746bc29a918be96c56b0c374c0c34108552eb5cc9090b73c24fe28cec735a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c1b690cabf25ceed9607ab97faf426748793b3ab069ac75111c489e81da4ff950041d4efdaf5be7b8cd32da3cdf6c9b04e32dff2842e1363d007a978effa1d0e
|
|
7
|
+
data.tar.gz: 219d6efdfb4716e03d84773e31e8be04a403cfd36cff2bea04e6d7457148dad86c69deac9278a4095001b02b6b131e3296d405723f581ccbda37c0b22a64958f
|
data/CHANGELOG
CHANGED
data/README.md
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
shopify-sinatra-app [](https://dl.circleci.com/status-badge/redirect/gh/kevinhughes27/shopify-sinatra-app/tree/master)
|
|
2
2
|
===================
|
|
3
3
|
|
|
4
4
|
"A classy shopify app"
|
data/example/test/test_helper.rb
CHANGED
|
@@ -117,6 +117,37 @@ module Sinatra
|
|
|
117
117
|
end
|
|
118
118
|
end
|
|
119
119
|
|
|
120
|
+
# needs to be dynamic to incude the current shop
|
|
121
|
+
class ContentSecurityPolicy < Rack::Protection::Base
|
|
122
|
+
def csp_policy(env)
|
|
123
|
+
"frame-ancestors: #{current_shop(env)} https://admin.shopify.com;"
|
|
124
|
+
end
|
|
125
|
+
|
|
126
|
+
def call(env)
|
|
127
|
+
status, headers, body = @app.call(env)
|
|
128
|
+
header = 'Content-Security-Policy'
|
|
129
|
+
headers[header] ||= csp_policy(env) if html? headers
|
|
130
|
+
[status, headers, body]
|
|
131
|
+
end
|
|
132
|
+
|
|
133
|
+
private
|
|
134
|
+
|
|
135
|
+
def current_shop(env)
|
|
136
|
+
s = session(env)
|
|
137
|
+
if s.has_key?("return_params")
|
|
138
|
+
"https://#{s["return_params"]["shop"]}"
|
|
139
|
+
elsif s.has_key?(:shopify)
|
|
140
|
+
"https://#{s[:shopify][:shop]}"
|
|
141
|
+
end
|
|
142
|
+
end
|
|
143
|
+
|
|
144
|
+
def html?(headers)
|
|
145
|
+
return false unless (header = headers.detect { |k, _v| k.downcase == 'content-type' })
|
|
146
|
+
|
|
147
|
+
options[:html_types].include? header.last[%r{^\w+/\w+}]
|
|
148
|
+
end
|
|
149
|
+
end
|
|
150
|
+
|
|
120
151
|
def shopify_webhook(route, &blk)
|
|
121
152
|
settings.webhook_routes << route
|
|
122
153
|
post(route) do
|
|
@@ -135,7 +166,7 @@ module Sinatra
|
|
|
135
166
|
app.set :public_folder, File.expand_path('public')
|
|
136
167
|
app.enable :inline_templates
|
|
137
168
|
|
|
138
|
-
app.set :protection, except: :frame_options
|
|
169
|
+
app.set :protection, except: :frame_options
|
|
139
170
|
|
|
140
171
|
app.set :api_version, '2019-07'
|
|
141
172
|
app.set :scope, 'read_products, read_orders'
|
|
@@ -157,6 +188,8 @@ module Sinatra
|
|
|
157
188
|
secret: app.settings.secret,
|
|
158
189
|
expire_after: 60 * 30 # half an hour in seconds
|
|
159
190
|
|
|
191
|
+
app.use Shopify::ContentSecurityPolicy
|
|
192
|
+
|
|
160
193
|
app.use Rack::Protection::AuthenticityToken, allow_if: lambda { |env|
|
|
161
194
|
app.settings.webhook_routes.include?(env["PATH_INFO"])
|
|
162
195
|
}
|
data/shopify-sinatra-app.gemspec
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: shopify-sinatra-app
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1.
|
|
4
|
+
version: 1.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Kevin Hughes
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-12-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: sinatra
|