shopify_app 8.2.2 → 8.2.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/README.md +12 -4
- data/app/controllers/shopify_app/authenticated_controller.rb +1 -0
- data/app/controllers/shopify_app/webhooks_controller.rb +1 -1
- data/lib/generators/shopify_app/install/templates/_flash_messages.html.erb +4 -2
- data/lib/shopify_app/controller_concerns/app_proxy_verification.rb +1 -1
- data/lib/shopify_app/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e1662a396a08cd1ba5550280392d00fe2886e0ca
|
|
4
|
+
data.tar.gz: 8b8744e2ae2ece532aa36973cc6057642cba49cd
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1cd6fd0df8ecddb2dfc28a5cd301dac2606cb729e62261d7363a06c7044568466eb9ee13fa2225f1a599b3c7c7bacdb53cbc7fe5f73597437abcd59b156e0128
|
|
7
|
+
data.tar.gz: 0f1ef949777a3f65b857b69e2bb328db7b449450cd7ac3fc3eb3924106791e6fd91dc40a4f1bd2d25026685f5e33bc0e02449e10cc5c33bf03b7651615a753a0
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,11 @@
|
|
|
1
|
+
8.2.4
|
|
2
|
+
-----
|
|
3
|
+
* Add CSRF protection through `protect_from_forgery with: :exception` on `ShopifyApp::AuthenticatedController`
|
|
4
|
+
|
|
5
|
+
8.2.3
|
|
6
|
+
-----
|
|
7
|
+
* Send head :forbidden instead of :unauthorized when AppProxyVerification fails
|
|
8
|
+
|
|
1
9
|
8.2.2
|
|
2
10
|
-----
|
|
3
11
|
* Changes how the ESDK concern allows iframes. Fixes an issue with the first request for some people
|
data/README.md
CHANGED
|
@@ -8,6 +8,7 @@ Shopify App
|
|
|
8
8
|
|
|
9
9
|
Shopify Application Rails engine and generator
|
|
10
10
|
|
|
11
|
+
#### NOTE : Versions 8.0.0 through 8.2.3 contained a CSRF vulnerability that was addressed in version 8.2.4. Please update to version 8.2.4 if you're using an old version.
|
|
11
12
|
|
|
12
13
|
Table of Contents
|
|
13
14
|
-----------------
|
|
@@ -275,20 +276,27 @@ ShopifyApp.configure do |config|
|
|
|
275
276
|
end
|
|
276
277
|
```
|
|
277
278
|
|
|
278
|
-
If you'd rather implement your own controller then you'll want to use the WebhookVerfication module to verify your webhooks:
|
|
279
|
+
If you'd rather implement your own controller then you'll want to use the WebhookVerfication module to verify your webhooks, example:
|
|
279
280
|
|
|
280
281
|
```ruby
|
|
281
282
|
class CustomWebhooksController < ApplicationController
|
|
282
283
|
include ShopifyApp::WebhookVerification
|
|
283
284
|
|
|
284
285
|
def carts_update
|
|
285
|
-
|
|
286
|
-
|
|
286
|
+
params.permit!
|
|
287
|
+
SomeJob.perform_later(shop_domain: shop_domain, webhook: webhook_params.to_h)
|
|
288
|
+
head :no_content
|
|
289
|
+
end
|
|
290
|
+
|
|
291
|
+
private
|
|
292
|
+
|
|
293
|
+
def webhook_params
|
|
294
|
+
params.except(:controller, :action, :type)
|
|
287
295
|
end
|
|
288
296
|
end
|
|
289
297
|
```
|
|
290
298
|
|
|
291
|
-
The module skips the `verify_authenticity_token` before_action and adds an action to verify that the webhook came from Shopify.
|
|
299
|
+
The module skips the `verify_authenticity_token` before_action and adds an action to verify that the webhook came from Shopify. You can now add a post route to your application pointing to the controller and action to accept the webhook data from Shopify.
|
|
292
300
|
|
|
293
301
|
The WebhooksManager uses ActiveJob, if ActiveJob is not configured then by default Rails will run the jobs inline. However it is highly recommended to configure a proper background processing queue like sidekiq or resque in production.
|
|
294
302
|
|
|
@@ -5,7 +5,7 @@ module ShopifyApp
|
|
|
5
5
|
class ShopifyApp::MissingWebhookJobError < StandardError; end
|
|
6
6
|
|
|
7
7
|
def receive
|
|
8
|
-
params.
|
|
8
|
+
params.permit!
|
|
9
9
|
job_args = {shop_domain: shop_domain, webhook: webhook_params.to_h}
|
|
10
10
|
webhook_job_klass.perform_later(job_args)
|
|
11
11
|
head :no_content
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
<% content_for :javascript do %>
|
|
2
2
|
<script type="text/javascript">
|
|
3
|
-
var eventName = typeof(Turbolinks) !== 'undefined' ? '
|
|
3
|
+
var eventName = typeof(Turbolinks) !== 'undefined' ? 'turbolinks:load' : 'DOMContentLoaded';
|
|
4
4
|
|
|
5
|
-
document.addEventListener(eventName, function() {
|
|
5
|
+
document.addEventListener(eventName, function flash() {
|
|
6
6
|
<% if flash[:notice] %>
|
|
7
7
|
ShopifyApp.flashNotice("<%= j flash[:notice].html_safe %>");
|
|
8
8
|
<% end %>
|
|
@@ -10,6 +10,8 @@
|
|
|
10
10
|
<% if flash[:error] %>
|
|
11
11
|
ShopifyApp.flashError("<%= j flash[:error].html_safe %>");
|
|
12
12
|
<% end %>
|
|
13
|
+
|
|
14
|
+
document.removeEventListener(eventName, flash)
|
|
13
15
|
});
|
|
14
16
|
</script>
|
|
15
17
|
<% end %>
|
data/lib/shopify_app/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: shopify_app
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 8.2.
|
|
4
|
+
version: 8.2.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Shopify
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-11-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -215,7 +215,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
215
215
|
version: '0'
|
|
216
216
|
requirements: []
|
|
217
217
|
rubyforge_project:
|
|
218
|
-
rubygems_version: 2.5.2
|
|
218
|
+
rubygems_version: 2.5.2.1
|
|
219
219
|
signing_key:
|
|
220
220
|
specification_version: 4
|
|
221
221
|
summary: This gem is used to get quickly started with the Shopify API
|