shopify_app 13.3.0 → 13.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/README.md +1 -2
- data/app/controllers/concerns/shopify_app/authenticated.rb +1 -0
- data/docs/Quickstart.md +2 -3
- data/lib/generators/shopify_app/install/templates/flash_messages.js +0 -2
- data/lib/shopify_app.rb +1 -0
- data/lib/shopify_app/controller_concerns/csrf_protection.rb +15 -0
- data/lib/shopify_app/version.rb +1 -1
- data/package.json +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3f4300bbcbbf4e0e2c6b64d3943a83f8eda2774615016551b109880b21cb32d6
|
|
4
|
+
data.tar.gz: 68eca06abf0153e592b7a167bcaf0b60720213e351355737c59eafba01f65e82
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9052491aa073afeacbb8cc6dc5bd6e12fe73c4935ed36e823ed5b3966df8c240d1e1a48e9adf02444c79e4aacada04b85e0de8184ea8148b9227589ef600fc6c
|
|
7
|
+
data.tar.gz: a78d6b3a5fb2a02c3122afabd2a4b2e564f5e5d0c7cb530622004e39143f695e0fbb804a9be20379a245e600330e08e3e8837dfb9dafe0ad8ceeade613c07c3d
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,7 @@
|
|
|
1
|
+
13.4.0
|
|
2
|
+
------
|
|
3
|
+
* Skip CSRF protection if a valid signed JWT token is present as we trust Shopify to be the only source that can sign it securely. [#994](https://github.com/Shopify/shopify_app/pull/994)
|
|
4
|
+
|
|
1
5
|
13.3.0
|
|
2
6
|
------
|
|
3
7
|
* Added Payload Verification module [#992](https://github.com/Shopify/shopify_app/pull/992)
|
data/README.md
CHANGED
|
@@ -58,8 +58,7 @@ $ rails new my_shopify_app
|
|
|
58
58
|
$ cd my_shopify_app
|
|
59
59
|
|
|
60
60
|
# Add the gem shopify_app to your Gemfile
|
|
61
|
-
$
|
|
62
|
-
$ bundle install
|
|
61
|
+
$ bundle add shopify_app
|
|
63
62
|
```
|
|
64
63
|
|
|
65
64
|
Now we are ready to run any of the [generators](#generators) included with `shopify_app`. The following section explains the generators and what you can do with them.
|
|
@@ -7,6 +7,7 @@ module ShopifyApp
|
|
|
7
7
|
included do
|
|
8
8
|
include ShopifyApp::Localization
|
|
9
9
|
include ShopifyApp::LoginProtection
|
|
10
|
+
include ShopifyApp::CsrfProtection
|
|
10
11
|
include ShopifyApp::EmbeddedApp
|
|
11
12
|
before_action :login_again_if_different_user_or_shop
|
|
12
13
|
around_action :activate_shopify_session
|
data/docs/Quickstart.md
CHANGED
|
@@ -40,11 +40,10 @@ $ heroku create name
|
|
|
40
40
|
4. Add ShopifyApp to Gemfile
|
|
41
41
|
----------------------------
|
|
42
42
|
|
|
43
|
-
Run
|
|
43
|
+
Run this command to add the `shopify_app` Gem to your app:
|
|
44
44
|
|
|
45
45
|
```sh
|
|
46
|
-
$
|
|
47
|
-
$ bundle install
|
|
46
|
+
$ bundle add shopify_app
|
|
48
47
|
```
|
|
49
48
|
|
|
50
49
|
**Note:** we recommend using the latest version of Shopify Gem. Check the [Git tags](https://github.com/Shopify/shopify_app/tags) to see the latest release version and then add it to your Gemfile e.g `gem 'shopify_app', '~> 7.0.0'`
|
data/lib/shopify_app.rb
CHANGED
|
@@ -27,6 +27,7 @@ module ShopifyApp
|
|
|
27
27
|
require 'shopify_app/utils'
|
|
28
28
|
|
|
29
29
|
# controller concerns
|
|
30
|
+
require 'shopify_app/controller_concerns/csrf_protection'
|
|
30
31
|
require 'shopify_app/controller_concerns/localization'
|
|
31
32
|
require 'shopify_app/controller_concerns/itp'
|
|
32
33
|
require 'shopify_app/controller_concerns/login_protection'
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
module ShopifyApp
|
|
3
|
+
module CsrfProtection
|
|
4
|
+
extend ActiveSupport::Concern
|
|
5
|
+
included do
|
|
6
|
+
protect_from_forgery with: :exception, unless: :valid_session_token?
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
private
|
|
10
|
+
|
|
11
|
+
def valid_session_token?
|
|
12
|
+
request.env['jwt.shopify_domain']
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
data/lib/shopify_app/version.rb
CHANGED
data/package.json
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: shopify_app
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 13.
|
|
4
|
+
version: 13.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Shopify
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-06-
|
|
11
|
+
date: 2020-06-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: browser_sniffer
|
|
@@ -358,6 +358,7 @@ files:
|
|
|
358
358
|
- lib/shopify_app.rb
|
|
359
359
|
- lib/shopify_app/configuration.rb
|
|
360
360
|
- lib/shopify_app/controller_concerns/app_proxy_verification.rb
|
|
361
|
+
- lib/shopify_app/controller_concerns/csrf_protection.rb
|
|
361
362
|
- lib/shopify_app/controller_concerns/embedded_app.rb
|
|
362
363
|
- lib/shopify_app/controller_concerns/itp.rb
|
|
363
364
|
- lib/shopify_app/controller_concerns/localization.rb
|