RubyGems - shopify_app - Versions diffs - 12.0.2 → 12.0.3 - Mend

shopify_app 12.0.2 → 12.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +5 -0
data/lib/shopify_app/engine.rb +1 -1
data/lib/shopify_app/middleware/same_site_cookie_middleware.rb +16 -9
data/lib/shopify_app/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dd21d52fbb932f0fef8522975adfb22431ff103d7fa14e4591e0eb24bafeeaec
-  data.tar.gz: da650fd1de45574447c28dca6803adf49063e0c879a0eab7d71b2823d3d1f15c
+  metadata.gz: 5dcd45c8f2586d1be89322c54d902eb7f9d91d28969725d7ba10e332d3165e29
+  data.tar.gz: ac7e290930adff81933a9dac3a2b212a0b2d579018cca043ed01f9c54dd78b35
 SHA512:
-  metadata.gz: 04f13911597abebbc3e32bc72ac42f9cfe01e2370515935bac076ce9517a44767af1f6185260cbeaae6a5eb2f76f48eb19ff9f013d41504d144ba8b23fb7ca6a
-  data.tar.gz: 3474caf61956e3bd8c3b4ae37fb326403493e3391805b85f3962aa753e080b0dfc3c3f82173991b099b804784123d5bf6d108e99ab4f1795c16f4f4cdd1ba862
+  metadata.gz: 47e1984dd4168715a3b0698f41cfe76fa989121be1f915dde626bd18e769a535431e78694b1e7b5eaac86324e0bfef89e47289fcbf0d1ab8927c1ed5ead6fb66
+  data.tar.gz: 3226cfe6d9001f37b2349f039dfe5a860693ef2bf84d2ca4386c7b0c6024d13ac4a998abfbf4ad331cd190f187b95fe7f3069365d08fcc1466627ed528050c66

data/CHANGELOG.md CHANGED

@@ -1,3 +1,8 @@
+12.0.3
+------
+* Moves samesite middleware higher in the stack #898
+* Fix issue where not redirecting user to granted storage page casues infinite loop #900
 12.0.2
 ------
 * Reverts "Fix for return_to in safari after enable_cookies/granted_storage_access" introduced in 12.0.1

data/lib/shopify_app/engine.rb CHANGED

@@ -14,7 +14,7 @@ module ShopifyApp
     end
     initializer "shopify_app.middleware" do |app|
-      app.config.middleware.insert_before(ActionDispatch::Cookies, ShopifyApp::SameSiteCookieMiddleware)
+      app.config.middleware.insert_after(::Rack::Runtime, ShopifyApp::SameSiteCookieMiddleware)
     end
   end
 end

data/lib/shopify_app/middleware/same_site_cookie_middleware.rb CHANGED

@@ -1,25 +1,32 @@
 module ShopifyApp
   class SameSiteCookieMiddleware
+    COOKIE_SEPARATOR = "\n"
     def initialize(app)
       @app = app
     end
     def call(env)
-      _status, headers, _body = @app.call(env)
-    ensure
+      status, headers, body = @app.call(env)
       user_agent = env['HTTP_USER_AGENT']
-      if headers && headers['Set-Cookie'] && !SameSiteCookieMiddleware.same_site_none_incompatible?(user_agent) &&
+      if headers && headers['Set-Cookie'] &&
+          !SameSiteCookieMiddleware.same_site_none_incompatible?(user_agent) &&
           ShopifyApp.configuration.enable_same_site_none
-        cookies = headers['Set-Cookie'].split("\n").compact
-        cookies.each do |cookie|
-          unless cookie.include?("; SameSite")
-            headers['Set-Cookie'] = headers['Set-Cookie'].gsub(cookie, "#{cookie}; secure; SameSite=None")
+        set_cookies = headers['Set-Cookie']
+          .split(COOKIE_SEPARATOR)
+          .compact
+          .map do |cookie|
+            cookie << '; Secure' if not cookie =~ /;\s*secure/i
+            cookie << '; SameSite=None' unless cookie =~ /;\s*samesite=/i
+            cookie
           end
-        end
+        headers['Set-Cookie'] = set_cookies.join(COOKIE_SEPARATOR)
       end
+      [status, headers, body]
     end
     def self.same_site_none_incompatible?(user_agent)

data/lib/shopify_app/version.rb CHANGED

@@ -1,3 +1,3 @@
 module ShopifyApp
-  VERSION = '12.0.2'.freeze
+  VERSION = '12.0.3'.freeze
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shopify_app
 version: !ruby/object:Gem::Version
-  version: 12.0.2
+  version: 12.0.3
 platform: ruby
 authors:
 - Shopify
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-02-11 00:00:00.000000000 Z
+date: 2020-02-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: browser_sniffer