shopify_app 18.0.0 → 18.0.1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 7da18fdd3924eb35146d7ca4dbd928567e377757d0f3cc11c72ef6aa732e1cec
4
- data.tar.gz: 5e90219d351aab20f23e247c28d63626ecbd1a26f960157a2e91221940b09b5f
3
+ metadata.gz: 05a2dce084fe578139757483538102b6f57d1fc4ec6935ae8ce4d11df7a914cf
4
+ data.tar.gz: 789a109b204a143850cc0c7d3fe14c6d4519b94d89671d46ddb09101283ceb7a
5
5
  SHA512:
6
- metadata.gz: f29dcc0b4504248d2811d9d61be42fa03f2a161eb16f79dde1b044db71e6f2697847dabb80563cb1cd21cdcc3979b1eb147d6ff07e4a51baad571a8830ed4969
7
- data.tar.gz: a2138081a6942f4418cf3efb72f63ed61a3de162686c2e3d1b9316ed7f292c0adf8fa5e248b8a5396504096d561248427de32a36b87d1f84bb6901fd9efca661
6
+ metadata.gz: 2cee778a503dc5652623f9b2d6e82b9844dff44840d77b57e8ecc4051bb7b3dd1707ba35cc2df93f348006da29251290b82c32988499f0e864d65d0d868bf00e
7
+ data.tar.gz: 6ff6e53fb49335ee6e151ce8d21d2b7bd66b8f9267b9ed03ef589282bc9db2e5e9a3c17e4d2dfcec6fca5cc7fe59676d28dc4762254b6dfab356f2bcc9c47ec4
data/CHANGELOG.md CHANGED
@@ -1,5 +1,6 @@
1
- Unreleased
1
+ 18.0.1 (May 7, 2021)
2
2
  ----------
3
+ * Fix bug causing OAuth flow to fail due to CSP violation. [#1265](https://github.com/Shopify/shopify_app/pull/1265)
3
4
 
4
5
  18.0.0 (May 3, 2021)
5
6
  ----------
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- shopify_app (18.0.0)
4
+ shopify_app (18.0.1)
5
5
  browser_sniffer (~> 1.2.2)
6
6
  jwt (>= 2.2.3)
7
7
  omniauth-rails_csrf_protection
@@ -0,0 +1,9 @@
1
+ (function() {
2
+ function redirect() {
3
+ var form = document.getElementById("redirect-form");
4
+ if (form) {
5
+ form.submit();
6
+ }
7
+ }
8
+ document.addEventListener("DOMContentLoaded", redirect);
9
+ })();
@@ -5,15 +5,7 @@
5
5
  <meta name="viewport" content="width=device-width, initial-scale=1" />
6
6
  <base target="_top">
7
7
  <title>Redirecting…</title>
8
- <script>
9
- function redirect() {
10
- var form = document.getElementById("redirect-form");
11
- if (form) {
12
- form.submit();
13
- }
14
- }
15
- document.addEventListener("DOMContentLoaded", redirect);
16
- </script>
8
+ <%= javascript_include_tag('shopify_app/post_redirect', crossorigin: 'anonymous', integrity: true) %>
17
9
  </head>
18
10
  <body>
19
11
  <%= form_tag '/auth/shopify', id: 'redirect-form' %>
@@ -11,6 +11,7 @@
11
11
  [App installation](#app-installation)
12
12
  * [My app won't install](#my-app-wont-install)
13
13
  * [My app keeps redirecting to login](#my-app-keeps-redirecting-to-login)
14
+ * [My app returns 401 during oauth](#my-app-returns-401-during-oauth)
14
15
 
15
16
  [JWT session tokens](#jwt-session-tokens)
16
17
  * [My app is still using cookies to authenticate](#my-app-is-still-using-cookies-to-authenticate)
@@ -67,6 +68,10 @@ Alternatively, you can upgrade to [`v17.2.0` of the shopify_app gem](/docs/Upgra
67
68
 
68
69
  This issue can occur when the session (the model you set as `ShopifyApp::SessionRepository.storage`) isn't deleted when the user uninstalls your app. A possible fix for this is listening to the `app/uninstalled` webhook and deleting the corresponding session in the webhook handler.
69
70
 
71
+ ### My app returns 401 during oauth
72
+
73
+ If your local dev env uses the `cookie_store` session storage strategy, you may encounter 401 errors during oauth due to a race condition between asset requests and `/auth/shopify`. You should be able to work around for local testing by using a different browser or session storage strategy. [Read more about the status of this issue](https://github.com/Shopify/shopify_app/issues/1269).
74
+
70
75
  ## JWT session tokens
71
76
 
72
77
  ### My app is still using cookies to authenticate
@@ -17,6 +17,7 @@ module ShopifyApp
17
17
  initializer "shopify_app.assets.precompile" do |app|
18
18
  app.config.assets.precompile += %w[
19
19
  shopify_app/redirect.js
20
+ shopify_app/post_redirect.js
20
21
  shopify_app/top_level.js
21
22
  shopify_app/enable_cookies.js
22
23
  shopify_app/request_storage_access.js
@@ -1,4 +1,4 @@
1
1
  # frozen_string_literal: true
2
2
  module ShopifyApp
3
- VERSION = '18.0.0'
3
+ VERSION = '18.0.1'
4
4
  end
data/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "shopify_app",
3
- "version": "18.0.0",
3
+ "version": "18.0.1",
4
4
  "repository": "git@github.com:Shopify/shopify_app.git",
5
5
  "author": "Shopify",
6
6
  "license": "MIT",
data/service.yml CHANGED
@@ -1,4 +1,4 @@
1
1
  audience: partner
2
2
  classification: library
3
3
  slack_channels:
4
- - core-build-extend
4
+ - shopify_app_gem
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: shopify_app
3
3
  version: !ruby/object:Gem::Version
4
- version: 18.0.0
4
+ version: 18.0.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Shopify
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-05-03 00:00:00.000000000 Z
11
+ date: 2021-05-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: browser_sniffer
@@ -286,6 +286,7 @@ files:
286
286
  - app/assets/javascripts/shopify_app/enable_cookies.js
287
287
  - app/assets/javascripts/shopify_app/itp_helper.js
288
288
  - app/assets/javascripts/shopify_app/partition_cookies.js
289
+ - app/assets/javascripts/shopify_app/post_redirect.js
289
290
  - app/assets/javascripts/shopify_app/redirect.js
290
291
  - app/assets/javascripts/shopify_app/request_storage_access.js
291
292
  - app/assets/javascripts/shopify_app/storage_access.js